[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnadmin create and not being method agnostic

From: Thorsten Schöning <tschoening_at_am-soft.de>
Date: Thu, 30 Dec 2010 08:33:27 +0100

Guten Tag Philip Prindeville,
am Mittwoch, 29. Dezember 2010 um 18:03 schrieben Sie:

> So my concern is this: I want to be able to easily, clearly, and
> with high confidence set up SVN to *only* work via Apache, and no
> other way.

Then your real problem is that svnserve does exist and is executable
at all and not that some managing tools create maybe unneeded
configuration files. Having unneeded and executable binaries on the
system but speeking of security over everything and as the one and
only truth seems funny to me. The unneeded configuration file is step
2, the first one is to get rid of svnserve. But without svnserve and
therefore the need, that an attacker has to provide it's own one,
speaking is able to write anything to your system, the pre existing
configuration files are not a problem at all anymore, in my opinion.

Mit freundlichen Grüßen,

Thorsten Schöning

Thorsten Schöning
AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig
Telefon: Potsdam: 0331-743881-0
E-Mail:  tschoening_at_am-soft.de
Web:     http://www.am-soft.de
AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam
Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow
Received on 2010-12-30 08:34:09 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.