Re: svn makes server security holes?

On May 4, 2006, at 01:57, Peter Michaux wrote:

> I asked my webhosting company if I could use svn on my shared account
> (Red Hat, I believe). They said no because svn makes security holes
> that they do not want on shared servers. Is this true?

That's a pretty broad and inflamatory statement for them to make, and
I'd expect them to back it up with some concrete evidence if they
intend to put that forth as a part of an argument.

Subversion can be served over several different protocols. Some of
them (svn, http) do not use encryption, so data and perhaps passwords
are sent over the network in plain text, which is not a good idea for
public networks like the Internet.

Other protocols (svn+ssh, https) are encrypted and should thus pose
no difficulty.

Serving a repository over https or svn+ssh has the added benefit of
not needing to open any new network ports, which might appease some
admins. (https uses the standard https port 443 which your hosting
company will already have open, and svn+ssh uses the standard ssh
port 22 which they'll likely also have open already.)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu May 4 13:10:25 2006