[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Setting up a remote Subversion repository (slightly off-topic)

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-05-14 20:34:56 CEST

Eric Hanchrow wrote:
>>>>>> "Nico" == Nico Kadel-Garcia <nkadel@comcast.net> writes:
> Nico> Wait. svnserve by itself is not securable, due to its
> Nico> public password use.
> I guess that depends on what you mean by "securable". If you trust
> the operating system's file-access controls, then there's nothing to
> worry about, since the password file can be read only by those to whom
> you've granted access -- typically just the svnserve daemon itself.

Those are only part of securing. The transactions occur in clear, on the
network, where anyone running a packet sniffer can tap them trivially. That,
in and of itself, makes it unsecurable, especially in a remote access
configuration. HTTP has the same problem, rather HTTPS itself.

> Nico> Is there web-space, with HTTPS access available?
> svn itself allows this, since the server can be run as an apache
> module. But the people who run the server need to configure it.

Well, yes. That's why I asked: the site administrators may not wish to
permit this.

> Nico> Can you put the repository there, under your public_html
> Nico> directory if necessary?
> That would be up to the people who run the server.

See above.

> Nico> I'd be curious if they have this: I'm looking around for a
> Nico> good virtumin/usermin module for Subversion right now.
> I can't help with that; I've never used one.

I like them, they're useful for other purposes.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun May 14 20:36:18 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.