[HCoop-Discuss] Subversion security issue
Omry Yadan
omry at yadan.net
Fri Nov 3 16:52:00 EST 2006
rob at hcoop.net wrote:
> I know Brian H. and I both requested SVN in the past. I am not using it
> at the moment. I don't think Brian is either. Is anyone actively using
> an SVN repo hosted on HCoop?
>
I am, with a proxy.
> I have to agree that the svnserve isn't the most ideal way to use SVN but
> I don't like the idea of there being a security hole. I think we should
> stop using the SVN related apache modules if it is a security risk.
>
I agree that we cannot afford to have this security hole.
if someone needs svn, there are a few alternatives that does not
involved the primary apache using svn modules:
1. svnserve
2. personal apache.
3. tunneled ssh (never tried it)
I am using the second option, because I had some issues that I couldn't
live with when using svnserve, and the third is out of question because
I want anonymous access.
More information about the HCoop-Discuss
mailing list