On Tue, Dec 28, 2010 at 08:58:43AM -0800, Philip Prindeville wrote:
> On 12/28/10 3:44 AM, Stefan Sperling wrote:
> >The important bit about security is that admins understand how to configure
> >the application they're setting up. They can then configure it securely.
> >I suppose your real concern is that you or others would get distracted
> >by those files. Which implies a lack of understanding about how the
> >system is or has been configured. I'd say the real problem here is
> >documenting your setup properly and making sure everyone involved knows
> >what this documentation says.
>
> If I know that they're used only by svnserve and I'm never going to use svnserve, maybe I don't want they lying around just to svnserve will never be run (by a hacker for an exploit).
>
> That seems pretty straigthtforward.
But svnserve will run even if the svnserve.conf file doesn't exist.
Stefan
Received on 2010-12-28 18:06:07 CET