[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Push ?

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Tue, 17 Sep 2013 08:11:07 -0400

On Mon, Sep 16, 2013 at 4:51 PM, Les Mikesell <lesmikesell_at_gmail.com> wrote:

> On Mon, Sep 16, 2013 at 2:53 PM, Dan White <d_e_white_at_icloud.com> wrote:
> > The described solution is one we already use within our network space,
> but
> > Security will not allow a connection from DMZ to the internal SVN server.
> > It violates the whole purpose of having a DMZ in the first place.
> >
> There is always the trick of ssh-ing a command from inside the
> firewall to the DMZ box that (a) sets up port-forwarding and (b) runs
> the svn command as though the repo is on localhost. Technically, and
> from the firewall's point of view, the connection is established
> outbound.

This is also a firing offense in many environments. I once had a chief
developer, with various root SSH key access, running just such tunnels to
and from his home machine, tunnels that I happened to notice. He was also
using non-passphrase protected SSH keys, and had *built* the previous
version of Subversion in use at that company. Given the secure data he had
access to this way, from offsite, it caused a serous scandal behind closed
doors, (And I replaced that Subversion with a source controlled one, owned
by "root", instead of the one owned by him individually!)
Received on 2013-09-17 14:11:59 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.