[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: access svn securely from the internet via sasl or ssh

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Fri, 19 Dec 2008 11:57:34 -0500

Svn protocol isn't really secure. It is meant for intranets. SSH tunnel makes it secure but you said you don't want to give you users rw accsess to the repository. So, I think that only leaves moving to https via Apache.

BOb

> -----Original Message-----
> From: bobdole1_at_web.de [mailto:bobdole1_at_web.de]
> Sent: Friday, December 19, 2008 10:07 AM
> To: users_at_subversion.tigris.org
> Subject: access svn securely from the internet via sasl or ssh
>
> Hi!
>
> I have a Ubuntu server with an svn repository (only svnserve -d, no
> WebDAV). What would be the simplest way to make it securely available to
> the internet? I think svn+ssh is rather insecure because you give each
> user a right to write directly (low-level) into the svn-repository.
> For, SASL, how much do I need to configure? Is it sufficient to add the
> following to the svn svnserve.conf:
> [sasl]
> use-sasl = true
> min-encryption = 128
> max-encryption = 256
>
> Or do I really need all this extra configuration with sasl configuration:
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /etc/my_sasldb
> mech_list: DIGEST-MD5
> ...
> (as described in http://svnbook.red-
> bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnser
> ve.sasl ; section: Authentication with SASL)
>
> I just need a connection to be as secure as regular ssh. :-) Thanks in
> advance!
>
> Best, Philip
> ____________________________________________________________________
> Psssst! Schon vom neuen WEB.DE MultiMessenger gehört?
> Der kann`s mit allen: http://www.produkte.web.de/messenger/?did=3123
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=
> 987502
>
> To unsubscribe from this discussion, e-mail: [users-
> unsubscribe_at_subversion.tigris.org].

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=987611

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2008-12-19 17:58:36 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.