Re: svnadmin create and not being method agnostic

From: Thorsten Schöning <tschoening_at_am-soft.de>
Date: Thu, 30 Dec 2010 08:33:27 +0100

Guten Tag Philip Prindeville,
am Mittwoch, 29. Dezember 2010 um 18:03 schrieben Sie:

> So my concern is this: I want to be able to easily, clearly, and
> with high confidence set up SVN to *only* work via Apache, and no
> other way.

Then your real problem is that svnserve does exist and is executable
at all and not that some managing tools create maybe unneeded
configuration files. Having unneeded and executable binaries on the
system but speeking of security over everything and as the one and
only truth seems funny to me. The unneeded configuration file is step
2, the first one is to get rid of svnserve. But without svnserve and
therefore the need, that an attacker has to provide it's own one,
speaking is able to write anything to your system, the pre existing
configuration files are not a problem at all anymore, in my opinion.

Mit freundlichen Grüßen,

Thorsten Schöning

-- 
Thorsten Schöning
AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig
 
Telefon: Potsdam: 0331-743881-0
E-Mail:  tschoening_at_am-soft.de
Web:     http://www.am-soft.de
AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam
Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow

Received on 2010-12-30 08:34:09 CET

This message: [ Message body ]
Next message: Leszek PorÄ™bski: "Re: auto-props does not work on copied files"
Previous message: David Weintraub: "Re: auto-props does not work on copied files"
In reply to: Philip Prindeville: "Re: svnadmin create and not being method agnostic"
Next in thread: Les Mikesell: "Re: svnadmin create and not being method agnostic"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]