[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: FSFS repo on a network share

From: David Weintraub <qazwart_at_gmail.com>
Date: Thu, 26 Feb 2009 15:16:03 -0500

On Thu, Feb 26, 2009 at 1:26 PM, James An <james_at_jamesan.ca> wrote:
> It works, but it's clumsy because:
>
> * there's a bunch of local Apache services running, when it should really be
> centralized at the server where the repos are stored,
> * user passwords are regularly changed and the researchers have to re-input
> their passwords for the local Apache service to continue to log in as them
> (to get the correct privileges to access the repo), and
> * the local workstation where the service is run has to be on (and logged in?)
> in order for the manager (the only other person accessing the repos) to
> access the remote repo
>
> Am I circumventing the safety measures by having the SVN server retrieve the
> repo over the network?

The problem with file:// is that if you can access your Subversion
repository via file://, you can go directly to the repository
directory and muck around in it directly -- even delete it.

You can use svnserve. It's simple to setup and you can have it store
its own passwords for the researchers. Then, you don't need direct
access to the repository via a network share. It takes a minute or two
to setup, and except to make sure that svnserve is actually running,
almost no maintenance. And, it is much more secure than just file://.

If you use Apache's httpd, you can setup Apache to do logging in via
the Windows LDAP server. Heck, it sounds like it's pretty much already
setup. Then the two researchers will have access over http:// or
https://. The security will be the same as what your Apache server
currently does.

--
David Weintraub
qazwart_at_gmail.com
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1234655
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-02-26 21:17:17 CET

This is an archived mail posted to the Subversion Users mailing list.