Re: Subversion service records? (Was: Mapping repositories to ports)

Dear Alec!

Alec Kloss schrieb:
> Wouldn't it be better to use service records in DNS to resolve all
> viable protocols that can be used to access a repository. The
> client can then attempt to autoselect, or prompt the user to select
> one mechanism. I'm thinking of records something like this:

Thank you for your thoughts but I don't understand how this is
related to tho OP's requirement and my answer. I didn' talk about the
different access methods like svn, http, ssl but instead about low-level
stuff.

Example:

I have a SVN server running:
svn://server:3690/repo1
svn://server:3691/repo2
svn://server:3692/repo3

And a firewall with the following port redirection:

*source* IP 192.168.1.0/24, destination IP firewall, port 3690
  --> server port 3690

*source* IP 192.168.2.0/24, destination IP firewall, port 3690
  --> server port 3691

*source* IP 192.168.3.0/24, destination IP firewall, port 3690
  --> server port 3692

This way users from the first network are only able to access repo1,
and so on. This enhanced security quite a lot because the access
rules on the SVN server has to apply *AND* a matching firewall rule
has to exist for a certain network/repository. This has nothing to
do with rewriting access methods.

With best regards
Andreas Schweigstill

-- 
Dipl.-Phys. Andreas Schweigstill
Schweigstill IT | Embedded Systems
Schauenburgerstraße 116, D-24118 Kiel, Germany
Phone: (+49) 431 5606-435, Fax: (+49) 431 5606-436
Mobile: (+49) 171 6921973, Web: http://www.schweigstill.de/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org