[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn makes server security holes?

From: Ryan Schmidt <subversion-2006q2_at_ryandesign.com>
Date: 2006-05-04 13:08:54 CEST

On May 4, 2006, at 01:57, Peter Michaux wrote:

> I asked my webhosting company if I could use svn on my shared account
> (Red Hat, I believe). They said no because svn makes security holes
> that they do not want on shared servers. Is this true?

That's a pretty broad and inflamatory statement for them to make, and
I'd expect them to back it up with some concrete evidence if they
intend to put that forth as a part of an argument.

Subversion can be served over several different protocols. Some of
them (svn, http) do not use encryption, so data and perhaps passwords
are sent over the network in plain text, which is not a good idea for
public networks like the Internet.

Other protocols (svn+ssh, https) are encrypted and should thus pose
no difficulty.

Serving a repository over https or svn+ssh has the added benefit of
not needing to open any new network ports, which might appease some
admins. (https uses the standard https port 443 which your hosting
company will already have open, and svn+ssh uses the standard ssh
port 22 which they'll likely also have open already.)

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu May 4 13:10:25 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.