Re: disable security hole in svn+ssh?
From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Fri, 29 Jul 2011 08:02:41 -0500
On 7/28/11 8:27 PM, Andy Canfield wrote:
> Seems like every protocol uses a different
Why? Pick one that works and leave the others so users can't use it, at least
> In recent years Linux has gone the route that a valid logged-in user can read
They need read/execute access to programs/libraries - repositories have whatever
> Can't change it, but can read it. Charlie can read
You can change that if you want. Apache needs to read it.
> Because we could have valuable trade secrets in a Subversion
Set it the way you want it. Under http(s), Apache needs execute permission down
> But I am a little horrified that Charlie can create repositories without
They should be able to create them anywhere they have file create access. They
> I keep comparing Subversion to MySQL. They both store data for you. A repository
There's nothing magic about either one. An average user could run his own
>> We're hosting svn behind our firewall on http and so our users have to have a
If you want to go this route, OpenVPN is free, works across Linux/Windows/Mac
>> You can then detect http protocol with a rewrite rule and redirect to https
Don't give users access to the repo with filesystem permissions if you don't
And by the way, that redirect of http to https won't really prevent users from
-- Les Mikesell lesmikesell_at_gmail.com
Received on 2011-07-29 15:03:16 CEST
This is an archived mail posted to the Subversion Users mailing list.