[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: using svn:// protocol for sensitive data

From: Karl Fogel <kfogel_at_red-bean.com>
Date: 2007-07-09 22:29:15 CEST

Jon Rue <jonrue@u.washington.edu> writes:
> I am in the processing of setting up a subversion repository for
> managing sensitive data (budgets, salaries, etc.) for my department's
> administrative staff. They are dispersed all over the university and
> our department doesn't have any central resources to host the data so
> I am using the university's main web server farm to host the
> repository. I was planning on using the svn:// protocol to access the
> repository since it might be next to impossible to get the university
> admins to alter the apache configuration and none of the users have
> local accounts on the servers so svn+ssh:// wouldn't work.
> Does anyone think it is a bad idea to use just the svn:// protocol for
> managing access to sensitive data? Anon access will be disabled and I
> am setting up password files and access rules using the authz
> mechanism. Our servers are running version 1.3.2 of
> subversion. Getting that updated to a more recent version might be a
> tall order as well.

Your data will be transmitted over the Net in the clear. Whether that
is acceptable or not is a local policy question -- it's not really
about Subversion, I think.

Good luck,

Subversion support & consulting  <>  http://producingoss.com/consulting.html
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jul 9 22:28:57 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.