[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnadmin create and not being method agnostic

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 28 Dec 2010 18:05:15 +0100

On Tue, Dec 28, 2010 at 08:58:43AM -0800, Philip Prindeville wrote:
> On 12/28/10 3:44 AM, Stefan Sperling wrote:
> >The important bit about security is that admins understand how to configure
> >the application they're setting up. They can then configure it securely.
> >I suppose your real concern is that you or others would get distracted
> >by those files. Which implies a lack of understanding about how the
> >system is or has been configured. I'd say the real problem here is
> >documenting your setup properly and making sure everyone involved knows
> >what this documentation says.
> If I know that they're used only by svnserve and I'm never going to use svnserve, maybe I don't want they lying around just to svnserve will never be run (by a hacker for an exploit).
> That seems pretty straigthtforward.

But svnserve will run even if the svnserve.conf file doesn't exist.

Received on 2010-12-28 18:06:07 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.