Hi,
I understand this, but Subversion will run on a server and not just
on a client. And since it would be simply too expensive to have a
server that only runs subversion and nothing else, there will be
other users on that server as well.
Of course svn+ssh is my preferred way as well.
Gruß,
Timo Wendt
ACHTUNG: Meine Email-Adresse hat sich von Timo@Schnibbe.net in
Timo@TJWendt.de geändert.
Am 13.04.2006 um 17:20 schrieb Brent Webster:
> If you want security then use svn+ssh or http.
> The file: option is more for single user on their desktop.
>
> Brent
>
>>> -----Original Message-----
>>> From: Timo Wendt [mailto:twendt@online.de]
>>> Sent: April 13, 2006 11:11 AM
>>> To: users@subversion.tigris.org
>>> Subject: SVN Security
>>>
>>> Hi,
>>>
>>> I have evaluated Subversion for the last few days. The
>>> features are really great. My problem with it are the
>>> security things in some areas. There are a lot of nice
>>> features when you connect to the repository remotely. From
>>> 1.3.1 you don't even need Apache anymore to use the features
>>> from authz. But to my idea Subversion lacks a lot of security
>>> when it comes to local access to the repository via file:///.
>>> All I can to is hook scripts for commits and such things.
>>> But what if I like no access. Of course I did change the
>>> permissions of the repository dirs., but thats about it. The
>>> book always states that umask is important. Umask is
>>> something the Admin cannot force.
>>> Every user can change his umask if he wants to. I want to
>>> place config files in the repository that are confidential. I
>>> cannot rely on users having to set there umask correctly.
>>>
>>> I also did a hotcopy of the repository. All my permissions
>>> are lost after that. The copy is again a matter of the umask.
>>>
>>> Another thing that bothers me is the auth cache and it even
>>> on per default. Saving clear text passwords on disk is bad.
>>> In my case the file was even world readable even thogh the
>>> book states it is only readable by the owner. I understand
>>> that this feature is nice for usage, but is there no way of
>>> shutting it off completely apart from changing the source
>>> code, which I did? As long as this feature is available,
>>> users will use it. Users always find nice ways to make their
>>> work easiest.
>>>
>>> Don't misunderstand me, this product is really great, but
>>> please also understand my point of view.
>>>
>>> Greeting,
>>>
>>> Timo
>>>
>>>
>>> --------------------------------------------------------------------
>>> -
>>> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>>> For additional commands, e-mail: users-help@subversion.tigris.org
>>>
>>>
Received on Thu Apr 13 17:27:27 2006