Re: Secure svnserve?

From: Branko Čibej <brane_at_apache.org>
Date: Fri, 25 Nov 2016 11:20:54 +0100

On 25.11.2016 11:11, Olaf van der Spek wrote:
> Hi,
>
> Currently I'm running svnserve on a Debian VM on my PC. I'd like to
> move it to a server on the internet but I don't get how to do this
> securely.
> Svnserve doesn't support encryption, right, so I can't expose it on a
> public port directly.
> I'm aware of Subversion via Apache but I don't run Apache and I don't
> want to give the entire web server access to repos anyway.
> I also don't want to give each SVN user a shell account..
> What's the proper way to do this?

Use stunnel in front of svnserve:

https://www.stunnel.org/

HOWEVER:

You'll also have to put stunnel on every _client_ machine because the
Subversion client does not support encrypte svn:// protocol natively.
Depending on the kinds of clients you support, that could be either very
easy or extremely complex.

> Wouldn't it be good if svnserve supported encryption directly?

It would be a moderately nice-to-have feature, but given that stunnel
exists, it's not necessary. In fact, it's better not to reinvent
security features that are available in existing, mature software.

-- Brane
Received on 2016-11-25 11:20:58 CET

This message: [ Message body ]
Next message: Olaf van der Spek: "Re: Secure svnserve?"
Previous message: Olaf van der Spek: "Secure svnserve?"
In reply to: Olaf van der Spek: "Secure svnserve?"
Next in thread: Olaf van der Spek: "Re: Secure svnserve?"
Reply: Olaf van der Spek: "Re: Secure svnserve?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]