[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Secure svnserve?

From: Olaf van der Spek <ml_at_vdspek.org>
Date: Fri, 25 Nov 2016 11:29:27 +0100

On Fri, Nov 25, 2016 at 11:20 AM, Branko Čibej <brane_at_apache.org> wrote:
> On 25.11.2016 11:11, Olaf van der Spek wrote:
>> Hi,
>>
>> Currently I'm running svnserve on a Debian VM on my PC. I'd like to
>> move it to a server on the internet but I don't get how to do this
>> securely.
>> Svnserve doesn't support encryption, right, so I can't expose it on a
>> public port directly.
>> I'm aware of Subversion via Apache but I don't run Apache and I don't
>> want to give the entire web server access to repos anyway.
>> I also don't want to give each SVN user a shell account..
>> What's the proper way to do this?
>
> Use stunnel in front of svnserve:
>
> https://www.stunnel.org/
>
>
> HOWEVER:
>
> You'll also have to put stunnel on every _client_ machine because the
> Subversion client does not support encrypte svn:// protocol natively.
> Depending on the kinds of clients you support, that could be either very
> easy or extremely complex.

I'm using TortoiseSVN on Windows and the command-line client on Linux.

>
>> Wouldn't it be good if svnserve supported encryption directly?
>
> It would be a moderately nice-to-have feature, but given that stunnel
> exists, it's not necessary. In fact, it's better not to reinvent
> security features that are available in existing, mature software.

Using TLS isn't exactly reinventing security features is it?
Received on 2016-11-25 11:29:40 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.