subversion-users mailing list archives

From Nico Kadel-Garcia <nka...@gmail.com>
Subject Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic
Date Thu, 06 Jan 2011 00:29:55 GMT
On Wed, Jan 5, 2011 at 2:19 PM, Les Mikesell <lesmikesell@gmail.com> wrote:

> Of course you _can_ secure it.  My point is that permitting ssh and
> restricting access to ssh by itself is very likely to make your system less
> secure (if you count on firewall protections) instead of more so. And
> nothing that can be done in the default svn installation can fix it.

It's an issue. The layers and layers of external-to-subversion hackery
to secure any of the multiple forms of access are fairly burdensome.
Couple that with the lack of configuration tools for SSH key
management, and it's a compounded problem. With alternative port use, and
restricting a separate SSHD for external access with only a single
user allowed and access restricted to SSH keys, it's a lot better, but
those are extra and fairly painful steps.

Mind you, compared to storing the HTTP/HTTPS passwords in clear text
in fashions that are unstoppable by the server and is enabled by
default in all UNIX and Linux clients, it's a 2 inch thick vault door,
