> -----Original Message-----
> From: Michael Williams [mailto:gberz3@gmail.com]
>. . . .
>
> That still doesn't address my concerns. 1) hardware theft 2) FTP
> access 3) malicious root access. Yes, anything can be hacked, it's
> just a matter of how far you're willing to go to make them work. I'm
> personally willing to go further. Thanks.

I might be missing something, and if I am, please forgive me. This seems
like a much bigger problem.

You can't prevent hardware theft if you don't control the machine, and you
can't prevent FTP access if you don't have control over root access. Even
if you do control root, you still can't protect against all your threats by
just guarding SVN; you need to guard the firewall, any security policy
engine you use, and probably some things I haven't thought of at the moment.
And you have to guard against attacks that tunnel through trusted services.
And even then this seems like a big piece of work.

For example, let's say it would be possible to encrypt the repository. Then
we'd decrypt what we need to work on, do a transaction, and then encrypt
things again. Let's assume that there's a way to modify the server so that
this works.

Then either the client and tools have to be modified in ways to protect the
secret source, or we'd have to set it up so that unmodified clients can use
the encrypted repository. If a "standard" client can be used, then a
malicious user can steal the source by hacking standard SVN source code. I
seem to recall that untrusted users were also using the server for other
work.

I won't bother you with the social-engineering attacks; you probably have
them all figured out anyway. I'm just wondering if there's a simpler,
stronger solution than trying to roll a "secured SVN".

Erik

Received on Wed Jun 20 23:12:04 2007