
Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Wed, 5 Jan 2011 19:29:55 -0500

On Wed, Jan 5, 2011 at 2:19 PM, Les Mikesell <lesmikesell_at_gmail.com> wrote:

> Of course you _can_ secure it.  My point is that permitting ssh and
> restricting access to ssh by itself is very likely to make your system less
> secure (if you count on firewall protections) instead of more so. And
> nothing that can be done in the default svn installation can fix it.

It's an issue. The layers and layers of external-to-subversion hackery
to secure any of the multiple forms of access are fairly burdensome.
Coupled with the lack of configuration tools for the SSH key
management, it's a compounded problem. With alternative port use, and
restricting a separate SSHD for external access with only a single
user allowed and access restricted to SSH keys, it's a lot better, but
those are extra and fairly painful steps.

Mind you, compared to storing the HTTP/HTTPS passwords in clear text
in fashions that are unstoppable by the server and enabled by
default in all UNIX and Linux clients, it's a 2 inch thick vault door,
Received on 2011-01-06 01:30:36 CET

This is an archived mail posted to the Subversion Users mailing list.
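
The setup described in the message above (a separate sshd for external access on an alternative port, a single allowed user, key-only login) can be checked mechanically. The following is an added example, not part of the original mail or of Subversion: the file contents, account name and port are constructed, and the check for a forced `svnserve -t` command in authorized_keys goes beyond what the message states.

```python
import re

# Constructed sample input (not from the thread): sshd config and authorized_keys.
SAMPLE_SSHD = """\
Port 2222
AllowUsers svn
PasswordAuthentication no
PubkeyAuthentication yes
"""
SAMPLE_KEYS = """\
command="svnserve -t --tunnel-user=alice",no-pty,no-port-forwarding ssh-ed25519 AAAA...constructed alice
ssh-ed25519 AAAA...constructed bob
"""

# Leading options field of an authorized_keys line; quoted values may hold spaces.
OPTS = re.compile(r'((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s')
KEYTYPE = re.compile(r'(ssh-|ecdsa-|sk-)')
FORCED = re.compile(r'(?:^|,)command="svnserve -t\b')

def parse_sshd(text):
    """Global keywords, lower-cased; parsing stops at the first Match block."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith('#'):
            continue
        key, *args = line.split()
        if key.lower() == 'match':
            break
        conf.setdefault(key.lower(), []).extend(args)  # element 0 = first occurrence
    return conf

def audit(sshd_text, keys_text):
    """Return a list of deviations from the setup described in the message."""
    conf, out = parse_sshd(sshd_text), []
    if '22' in (conf.get('port') or ['22']):
        out.append('listens on default port 22')
    if len(conf.get('allowusers', [])) != 1:
        out.append('AllowUsers does not name exactly one account')
    if (conf.get('passwordauthentication') or ['yes'])[0].lower() != 'no':
        out.append('password authentication is enabled')
    if (conf.get('pubkeyauthentication') or ['yes'])[0].lower() == 'no':
        out.append('public-key authentication is disabled')
    for n, line in enumerate(map(str.strip, keys_text.splitlines()), 1):
        if not line or line.startswith('#'):
            continue
        m = None if KEYTYPE.match(line) else OPTS.match(line)
        if not (m and FORCED.search(m.group(1))):
            out.append(f'authorized_keys line {n}: no forced svnserve command')
    return out
```

Calling `audit(SAMPLE_SSHD, SAMPLE_KEYS)` flags only the second key, which would give its holder a normal shell on the shared account instead of a tunnelled `svnserve`.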
