[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Encrypted Repositories. . .?

From: Stephane Bortzmeyer <bortzmeyer_at_nic.fr>
Date: 2007-06-20 16:00:27 CEST

On Wed, Jun 20, 2007 at 09:46:56AM -0400,
 Michael Williams <gberz3@gmail.com> wrote
 a message of 49 lines which said:

> Alright, alright. . .I thank you for the input, but the personal
> comments are a bit too much fellas. . . ;)

It's because you apparently do not want to believe a very basic fact:
you cannot protect your repository against the system
administrator. Period. If they are root, they can subvert any scheme
you can conceive (for instance, they can read the private key in the
Subversion's server memory).

You are simply asking for perpetual motion or squaring of the
circle. It cannot be done. Period.
 
If you want a reasonable security, get a dedicated server (it starts
at US $ 20 / month) and use an encrypted filesystem (so a rogue
visitor of the data center cannot steal the disk).

It still does not protect you against some attacks (snooping on the
PCI bus...) so, after that, to improve security, you will need to host
the server yourself.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jun 20 17:34:05 2007

This is an archived mail posted to the Subversion Users mailing list.