
Re: what is the best way to set up secure svn server for people outside the firewall to access it?

From: Alec Kloss <alec.kloss_at_oracle.com>
Date: 23 Sep 2009 17:47:03 -0500

On 2009-09-23 17:42, Nico Kadel-Garcia wrote:
> On Wed, Sep 23, 2009 at 1:49 PM, baz themail <bazthemail_at_gmail.com> wrote:
> > Thanks for your reply.
> >
> > Can anyone give me a procedure to set up a mid level security svn server and
> > a high level security svn server? Sorry if I am asking too much :)
> >
> > A.
> >
> > On Wed, Sep 23, 2009 at 9:46 AM, Andrey Repin <anrdaemon_at_freemail.ru> wrote:
> >>
> >> Greetings, baz themail!
> >>
> >> > what is the best/recommended way to set up secure svn server for people
> >> > outside the firewall to access it?
> >>
> >> Depends on what level of security you want.
> >> No simple answer.
>
> Well, start by considering how Sourceforge does it. Individual
> repositories with different projects, different people have different
> access to it, and the only permitted write access is via svn+ssh in
> order to avoid the 'store passwords in cleartext' that has been
> inherent in Subversion's services since day one. You'll need to manage
> the SSH keys for individual repositories, for which I've never found a
> good tool, but it's a start.
>

Using the GSSAPI support built into SASL and mod_auth_kerb in
Apache (over HTTPS) allows you to have secure Subversion access
using a common user base, centralized key management, and
single sign-on all in one fell swoop. As an added bonus you can
run Subversion on a "sealed" server where there are no end
user accounts. The downside is it's difficult to set up and some
(many) binary distributions of Subversion don't include GSSAPI or
Negotiate authentication support.

-- 
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

Received on 2009-09-24 00:48:06 CEST
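
An added example, not part of the message above and not any project's shipped configuration: an Apache virtual host sketch of the setup the reply describes, with mod_dav_svn served over HTTPS and authenticated by mod_auth_kerb using Negotiate only. The host name, realm, certificate, keytab and repository paths are placeholders.

```apache
# Added example: host name, realm and every path below are placeholders.
LoadModule dav_module        modules/mod_dav.so
LoadModule dav_svn_module    modules/mod_dav_svn.so
LoadModule authz_svn_module  modules/mod_authz_svn.so
LoadModule auth_kerb_module  modules/mod_auth_kerb.so

<VirtualHost *:443>
    ServerName svn.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/svn.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/svn.example.com.key

    <Location /svn>
        DAV svn
        SVNParentPath /srv/svn/repos

        # Refuse any request to this location that did not arrive over TLS.
        SSLRequireSSL

        AuthType Kerberos
        AuthName "Subversion (Kerberos)"
        KrbAuthRealms EXAMPLE.COM
        # Service principal is HTTP/svn.example.com@EXAMPLE.COM; its key lives
        # in the keytab, which should be readable only by the Apache user.
        KrbServiceName HTTP
        Krb5KeyTab /etc/httpd/conf/svn.keytab

        # Accept Kerberos tickets via Negotiate (single sign-on) ...
        KrbMethodNegotiate On
        # ... and never fall back to a typed password sent as Basic auth.
        KrbMethodK5Passwd Off

        Require valid-user

        # Per-path access rules. By default mod_auth_kerb hands over the full
        # principal (user@EXAMPLE.COM), so authz entries must use that form.
        AuthzSVNAccessFile /srv/svn/conf/authz
    </Location>
</VirtualHost>
```

Because authentication is done against the KDC with the service keytab, the server needs no local accounts for repository users, which matches the "sealed" server described in the message.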

This is an archived mail posted to the Subversion Users mailing list.
