[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Re: Commiter's IP address in commit comment?

From: Andre-John Mas <ajmas_at_sympatico.ca>
Date: 2007-12-20 19:37:50 CET

John Peacock wrote:
>
> Andre-John Mas wrote:
> > Is there any way to have the IP address of the committer's system automatically added to the check-in comment?
>
> Using what method to connect to the server?
>
> http[s]://
> svn://
> svn+ssh://
>
> Each of these would be different (the last is particularly tricky since
> the user is literally connecting from the local host via an ssh tunnel).

At the moment I am just planning for svn:// & svn+ssh://

> > Also are there any other ways that I could link a commiter's IP address to the commit, without having it displayed publically in the comment? I am wanting this to ensure we have a log, for security reasons.
>
> If you are using Apache, you could certainly have a log reader that
> would scan for the commits. You could even have a post-commit hook that
> added a record to a database at the end of every commit. But if you are
> this paranoid, I would suggest you should be using svn+ssh:// or
> https:// with client certs...

In many ways my questions is more academic at the moment. Having
just read about how a compromise of a commiter's account allowed
malicious code to be introduced into a project I feel it could be
useful to know where the issue came from. I suppose I could
extend the question to find out whether there is a way to add any
meta-information with a commit, taking data from an environment
variable if available.

Andre

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 20 19:38:23 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.