Svn protocol isn't really secure. It is meant for intranets. SSH tunnel makes it secure but you said you don't want to give you users rw accsess to the repository. So, I think that only leaves moving to https via Apache.
BOb
> -----Original Message-----
> From: bobdole1_at_web.de [mailto:bobdole1_at_web.de]
> Sent: Friday, December 19, 2008 10:07 AM
> To: users_at_subversion.tigris.org
> Subject: access svn securely from the internet via sasl or ssh
>
> Hi!
>
> I have a Ubuntu server with an svn repository (only svnserve -d, no
> WebDAV). What would be the simplest way to make it securely available to
> the internet? I think svn+ssh is rather insecure because you give each
> user a right to write directly (low-level) into the svn-repository.
> For, SASL, how much do I need to configure? Is it sufficient to add the
> following to the svn svnserve.conf:
> [sasl]
> use-sasl = true
> min-encryption = 128
> max-encryption = 256
>
> Or do I really need all this extra configuration with sasl configuration:
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /etc/my_sasldb
> mech_list: DIGEST-MD5
> ...
> (as described in http://svnbook.red-
> bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnser
> ve.sasl ; section: Authentication with SASL)
>
> I just need a connection to be as secure as regular ssh. :-) Thanks in
> advance!
>
> Best, Philip
> ____________________________________________________________________
> Psssst! Schon vom neuen WEB.DE MultiMessenger gehört?
> Der kann`s mit allen: http://www.produkte.web.de/messenger/?did=3123
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=
> 987502
>
> To unsubscribe from this discussion, e-mail: [users-
> unsubscribe_at_subversion.tigris.org].
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=987611
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2008-12-19 17:58:36 CET