[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn makes server security holes?

From: Ryan Schmidt <subversion-2006q2_at_ryandesign.com>
Date: 2006-05-04 23:58:30 CEST

On May 4, 2006, at 23:41, Peter Michaux wrote:

>> > I asked my webhosting company if I could use svn on my shared
>> account
>> > (Red Hat, I believe). They said no because svn makes security holes
>> > that they do not want on shared servers. Is this true?
>> That's a pretty broad and inflamatory statement for them to make, and
>> I'd expect them to back it up with some concrete evidence if they
>> intend to put that forth as a part of an argument.
> Below is my web hosting company's offical response.
> <blockquote>I understand you want to have Subversion installed on our
> shared server to use with your site. A few years ago we determined
> that the use of WebDAV on any of our servers is a major security flaw
> due to the way it the software works. Subversion makes use of WebDAV
> and thus it is not allowed on any of our shared servers.</blockquote>
> Any validity to this? Any way to install svn without WebDav?

That's news to me, then again I haven't researched the topic at all.
Perhaps someone else on the list knows what they're talking about (so
I'm CCing the list again).

Subversion over http or https works on top of WebDAV.

Subversion over svn+ssh uses svnserve which has nothing to do with
WebDAV or http.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri May 5 00:00:29 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.