[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: what is the best way to set up secure svn server for people outside the firewall to access it?

From: Alec Kloss <alec.kloss_at_oracle.com>
Date: 23 Sep 2009 17:47:03 -0500

On 2009-09-23 17:42, Nico Kadel-Garcia wrote:
> On Wed, Sep 23, 2009 at 1:49 PM, baz themail <bazthemail_at_gmail.com> wrote:
> > Thanks for your reply.
> >
> > Anyone can give me a procedure to set up mid level security svn server and
> > high level security svn server? Sorry if i am asking too much :)
> >
> > A.
> >
> > On Wed, Sep 23, 2009 at 9:46 AM, Andrey Repin <anrdaemon_at_freemail.ru> wrote:
> >>
> >> Greetings, baz themail!
> >>
> >> > what is the best/recommended way to set up secure svn server for people
> >> > outside the firewall to access it?
> >>
> >> Depends what the level of security you want.
> >> No simple answer.
> Well, start by considering how Sourceforge does it. Individual
> repositories with different projects, different people have different
> access to it, and the only permitted write access is via svn+ssh in
> order to avoid the 'store passwords in cleartext' that has been
> inherent in Subversion's services since day one. You'll need to manage
> the SSH keys for individual repositories, for which I've never found a
> good tool, but it's a start

Using the GSSAPI support built into SASL and mod_auth_kerb in
Apache (over HTTPS) allows you to have secure subversion access
using a common user base, centralized key management, and
single sign-on all in one fell swoop. As an added bonus you can
run subversion on a "sealed" server where there are no end
user accounts. The downside is it's difficult to set up and some
(many) binary distributions of Subversion don't include GSSAPI or
Negotiate authentication support.

Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

  • application/pgp-signature attachment: stored
Received on 2009-09-24 00:48:06 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.