On Mon, Sep 16, 2013 at 4:51 PM, Les Mikesell <lesmikesell_at_gmail.com> wrote:
> On Mon, Sep 16, 2013 at 2:53 PM, Dan White <d_e_white_at_icloud.com> wrote:
> > The described solution is one we already use within our network space, but
> > Security will not allow a connection from DMZ to the internal SVN server.
> > It violates the whole purpose of having a DMZ in the first place.
> >
>
> There is always the trick of ssh-ing a command from inside the
> firewall to the DMZ box that (a) sets up port-forwarding and (b) runs
> the svn command as though the repo is on localhost. Technically, and
> from the firewall's point of view, the connection is established
> outbound.

This is also a firing offense in many environments. I once had a chief
developer, with various root SSH key access, running just such tunnels to
and from his home machine, tunnels that I happened to notice. He was also
using non-passphrase protected SSH keys, and had *built* the previous
version of Subversion in use at that company. Given the secure data he had
access to this way, from offsite, it caused a serious scandal behind closed
doors. (And I replaced that Subversion with a source controlled one, owned
by "root", instead of the one owned by him individually!)
Received on 2013-09-17 14:11:59 CEST