John Peacock wrote:
>
> Andre-John Mas wrote:
> > Is there any way to have the IP address of the committer's system automatically added to the check-in comment?
>
> Using what method to connect to the server?
>
> http[s]://
> svn://
> svn+ssh://
>
> Each of these would be different (the last is particularly tricky since
> the user is literally connecting from the local host via an ssh tunnel).
At the moment I am just planning for svn:// & svn+ssh://
> > Also are there any other ways that I could link a commiter's IP address to the commit, without having it displayed publically in the comment? I am wanting this to ensure we have a log, for security reasons.
>
> If you are using Apache, you could certainly have a log reader that
> would scan for the commits. You could even have a post-commit hook that
> added a record to a database at the end of every commit. But if you are
> this paranoid, I would suggest you should be using svn+ssh:// or
> https:// with client certs...
In many ways my questions is more academic at the moment. Having
just read about how a compromise of a commiter's account allowed
malicious code to be introduced into a project I feel it could be
useful to know where the issue came from. I suppose I could
extend the question to find out whether there is a way to add any
meta-information with a commit, taking data from an environment
variable if available.
Andre
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 20 19:38:23 2007