
RE: svnadmin create and not being method agnostic

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Wed, 29 Dec 2010 10:29:15 -0500

> 2010/12/28 Thorsten Schöning <tschoening_at_am-soft.de>
> Hello Philip Prindeville,
> on Monday, 27 December 2010 at 22:28 you wrote:
>
> > In our case, we're setting up a secured source repository inside
> > our network, for outside access (via port-forwarding on our
> > gateway).
> In this scenario and if security is this important for you, then
> why not just use svnserve?
>
> I don't know what Philip's reasons are, but svnserve does have some
> shortcomings that might make it unsuitable for sites that are
> serious about security.  The most obvious one is that it requires
> passwords to be stored in cleartext in the repository passwd file
> on the server.

You can use SASL with svnserve and you can use svn+ssh to tunnel through ssh, which I hear is pretty secure.

> Another one is its lack of any logging or auditing
> capabilities.

v1.6 added logging to svnserve.

>
> On the other hand, when you start using Apache you've got a whole
> 'nother pile of code that can have security holes in it...so it's
> really a matter of which risk you're more concerned about.

yep, 6 of one...

BOb

> --
> David Brodbeck
> System Administrator, Linguistics
> University of Washington
Received on 2010-12-29 16:29:54 CET

This is an archived mail posted to the Subversion Users mailing list.
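
A configuration check for the svnserve points raised in this thread (the cleartext password-db file versus SASL), added here as an example and not part of the original mail. The sample configs are constructed, and the function name and finding labels are hypothetical.

```python
import configparser

# Constructed sample svnserve.conf contents (not taken from the thread).
WEAK = """\
[general]
anon-access = read
auth-access = write
password-db = passwd
"""

HARDENED = """\
[general]
anon-access = none
auth-access = write
realm = example-realm

[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
"""

def audit_svnserve_conf(text):
    """Return (label, message) findings for the text of one svnserve.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    general = dict(cp["general"]) if cp.has_section("general") else {}
    sasl = dict(cp["sasl"]) if cp.has_section("sasl") else {}
    findings = []

    # svnserve's default for anon-access is "read".
    if general.get("anon-access", "read").strip().lower() != "none":
        findings.append(("anon-access", "unauthenticated users can read"))

    use_sasl = sasl.get("use-sasl", "false").strip().lower() == "true"
    if not use_sasl and "password-db" in general:
        # Built-in auth reads usernames and cleartext passwords from this file.
        findings.append(("cleartext-passwd", "password-db in use without SASL"))
    elif use_sasl and int(sasl.get("min-encryption", "0")) <= 1:
        # 0 = no encryption required, 1 = integrity checksums only.
        findings.append(("sasl-no-encryption", "min-encryption does not require encryption"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_svnserve_conf(conf))
```

These settings apply to svnserve listening on its own port; with svn+ssh, authentication is done by sshd instead.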
