Re: svnadmin create and not being method agnostic

From: David Brodbeck <brodbd_at_uw.edu>
Date: Tue, 28 Dec 2010 15:16:11 -0800

2010/12/28 Thorsten Schöning <tschoening_at_am-soft.de>

> Guten Tag Philip Prindeville,
> am Montag, 27. Dezember 2010 um 22:28 schrieben Sie:
>
> > In our case, we're setting up a secured source repository inside
> > our network, for outside access (via port-forwarding on our gateway).
>
> In this scenario and if security is this important for you, then why
> not just use svnserve?

I don't know what Philip's reasons are, but svnserve does have some
shortcomings that might make it unsuitable for sites that are serious about
security. The most obvious one is that it requires passwords to be stored
in cleartext in the repository passwd file on the server. Another one is
its lack of any logging or auditing capabilities.

On the other hand, when you start using Apache you've got a whole 'nother
pile of code that can have security holes in it...so it's really a matter of
which risk you're more concerned about.

-- 
David Brodbeck
System Administrator, Linguistics
University of Washington

Received on 2010-12-29 00:16:51 CET

This message: [ Message body ]
Next message: Bob Archer: "RE: svnadmin create and not being method agnostic"
Previous message: Les Mikesell: "Re: svnadmin create and not being method agnostic"
In reply to: Thorsten Schöning: "Re: svnadmin create and not being method agnostic"
Next in thread: Bob Archer: "RE: svnadmin create and not being method agnostic"
Reply: Bob Archer: "RE: svnadmin create and not being method agnostic"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]