[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve passwd plaintext

From: gmu 2k6 <gmu2006_at_gmail.com>
Date: 2006-07-16 20:17:41 CEST

On 7/16/06, Les Mikesell <lesmikesell@gmail.com> wrote:
> On Sun, 2006-07-16 at 04:50, gmu 2k6 wrote:
> > >
> > > Could you do it in Webmin? Webmin could resally use some modules for
> > > handling Subversion, and this might be a nice little project for it.
> >
> > sorry, but I don't want to have any sort of http-daemon running at
> > all. actually I also have OpenSSH running and that together with
> > svnserve is enough of an attack vector besides the ineviatable but
> > securable tcp/ip stack itself.
> > running too many services on one box is not good, security and performance-wise.
>
> Given a choice between old well-tested services where the known
> bugs are already fixed and a new one, I'll choose the old
> ones even if the new one sounds theoretically better.

good point. see below.

> > I'm trying to keep both Dual-Core CPUs free for all the hard work
> > svnserve does when updating/committing (actually I'm happy svnserve
> > can saturate the CPU but this naturally does not leave much space for
> > additional services).
>
> Ssh with blowfish encryption is pretty lightweight - or you could
> offload the encryption of https by running stunnel or a proxy
> on another machine connected by a secure interface.

as OpenSSH is already installed, I might give svn+ssh// with OpenSSH
doing PAM with Winbind to let the users use their Windows Passwords to
access the machine.
I better read about winbind and whether I have to join the domain etc. then.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Jul 16 20:18:50 2006

This is an archived mail posted to the Subversion Users mailing list.