Re: Mapping repositories to ports

From: Andreas Schweigstill <andreas_at_schweigstill.de>
Date: Thu, 30 Oct 2008 13:11:00 +0100

Hello!

Ryan Schmidt schrieb:
> You haven't mentioned what your unique requirements are, but usually
> there's no need for this; apache and svnserve can both happily serve
> multiple repositories via a single port and IP address.

But such a configuration makes lots of sense when used together with
port forwarding on a firewall. I also sometimes have such requirements
that a remote (VPN) user should get access to only a specific
repository. I know that such means could be established with the
Subversion access rights but forwarding to distinct TCP ports for
multiple instances of svnserve gives another degreee of security.

But I also have to admit that a "hole" in svnserve could also allow
malicious people to leave the repository path which had been set by
"-r". So probably the svnserve instances also should run in seperate
chroot environments or BSD jails in order to increase security even
more.

But all of this depends on the people who get access to the port(s)
of the SVN server.

With best regards
Andreas Schweigstill

-- 
Dipl.-Phys. Andreas Schweigstill
Schweigstill IT | Embedded Systems
Schauenburgerstraße 116, D-24118 Kiel, Germany
Phone: (+49) 431 5606-435, Fax: (+49) 431 5606-436
Mobile: (+49) 171 6921973, Web: http://www.schweigstill.de/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org

Received on 2008-10-30 13:11:05 CET

This message: [ Message body ]
Next message: Martin Schröder: "Re: externals and sparse directories"
Previous message: Rob Hubbard: "RE: identify deleted file"
In reply to: Ryan Schmidt: "Re: Mapping repositories to ports"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]