Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Wed, 05 Jan 2011 13:19:42 -0600

On 1/5/2011 1:04 PM, David Brodbeck wrote:
>
> It's possible to do secure Subversion. Use svn+ssh access,
> disable or
> block other services at the firewall,
>
>
> If ssh is permitted and you didn't personally set it up, what are
> the odds that port tunneling or ssh's built in socks proxy will
> allow access to every service behind the firewall?
>
>
> The nice thing about SSH is you can disable those things via server
> configuration. They are on by default in most distributions (and maybe
> shouldn't be) but the configuration switches to turn them off are easy
> to find.

Of course you _can_ secure it. My point is that permitting ssh and
restricting access to ssh by itself is very likely to make your system
less secure (if you count on firewall protections) instead of more so.
And nothing that can be done in the default svn installation can fix it.

-- 
   Les Mikesell
    lesmikesell_at_gmail.com

Received on 2011-01-05 20:20:21 CET

This message: [ Message body ]
Next message: David Weintraub: "Re: Hooks That Use Perl Test::Builder Having Problems with STDERR"
Previous message: David Brodbeck: "Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic"
In reply to: David Brodbeck: "Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic"
Next in thread: Nico Kadel-Garcia: "Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic"
Reply: Nico Kadel-Garcia: "Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]