[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnadmin create and not being method agnostic

From: David Brodbeck <brodbd_at_uw.edu>
Date: Tue, 28 Dec 2010 15:16:11 -0800

2010/12/28 Thorsten Schöning <tschoening_at_am-soft.de>

> Guten Tag Philip Prindeville,
> am Montag, 27. Dezember 2010 um 22:28 schrieben Sie:
> > In our case, we're setting up a secured source repository inside
> > our network, for outside access (via port-forwarding on our gateway).
> In this scenario and if security is this important for you, then why
> not just use svnserve?

I don't know what Philip's reasons are, but svnserve does have some
shortcomings that might make it unsuitable for sites that are serious about
security. The most obvious one is that it requires passwords to be stored
in cleartext in the repository passwd file on the server. Another one is
its lack of any logging or auditing capabilities.

On the other hand, when you start using Apache you've got a whole 'nother
pile of code that can have security holes in it...so it's really a matter of
which risk you're more concerned about.

David Brodbeck
System Administrator, Linguistics
University of Washington
Received on 2010-12-29 00:16:51 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.