[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN Security

From: Andy Levy <andy.levy_at_gmail.com>
Date: 2006-04-13 17:25:53 CEST

On 4/13/06, Timo Wendt <twendt@online.de> wrote:
> Hi,
>
> I have evaluated Subversion for the last few days. The features are
> really great. My problem with it are the security things in some
> areas. There are a lot of nice features when you connect to the
> repository remotely. From 1.3.1 you don't even need Apache anymore to
> use the features from authz. But to my idea Subversion lacks a lot of
> security when it comes to local access to the repository via
> file:///. All I can to is hook scripts for commits and such things.
> But what if I like no access. Of course I did change the permissions
> of the repository dirs., but thats about it.

You can't use authz with file:// access - only svnserve and Apache.
If you set the permissions on the directory hosting the repository so
that only the userID that Apache runs under can access it, this is a
non-issue. I haven't used svnserve so I don't know what userID it
runs under when using svn:// or svn+ssh://

> I also did a hotcopy of the repository. All my permissions are lost
> after that. The copy is again a matter of the umask.

Again, if you use Apache, this is a non-issue I think. Only allow the
userID that Apache runs under (plus whatever IDs need access for
backups, etc.) read access.

Direct filesystem access, much like direct physical access, can wreakk
havoc with many layers of security. This isn't necessarily a failing
of the software you're using - if I can bypass the software to get at
the files directly, it doesn't matter how good the application's
built-in security is.

> Another thing that bothers me is the auth cache and it even on per
> default. Saving clear text passwords on disk is bad. In my case the
> file was even world readable even thogh the book states it is only
> readable by the owner. I understand that this feature is nice for
> usage, but is there no way of shutting it off completely apart from
> changing the source code, which I did? As long as this feature is
> available, users will use it. Users always find nice ways to make
> their work easiest.

I can't find a plain-text password in my auth cache (1.2.3, WinXP).

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Apr 13 17:32:19 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.