[HCoop-Discuss] Subversion security issue

rob at hcoop.net rob at hcoop.net
Fri Nov 3 17:12:16 EST 2006


> I am, with a proxy.

Out of curiosity what do you mean by with a proxy?  Meaning you have an
HTTP proxy setup to access the SVN repo?

> I agree that we cannot afford to have this security hole.
> if someone needs svn, there are a few alternatives that does not
> involved the primary apache using svn modules:
>
> 1. svnserve
> 2. personal apache.
> 3. tunneled ssh (never tried it)
>
> I am using the second option, because I had some issues that I couldn't
> live with when using svnserve, and the third is out of question because
> I want anonymous access.


Ah, I see. I am not sure 1 instance of svnserve could be configured in a
way that allows access to multiple repositories.  I'd imagine we'd have to
make some changes for that to work?  Personally I like the idea of using
tunnelled SSH and svnserve.  I think getting this to work would be pretty
simple. I think you could do it using a public/private key that redirects
the connection to the svnserve that the user is running.  It sounds like
this approach may not work for you though if you are required to use an
HTTP proxy.

-Rob







More information about the HCoop-Discuss mailing list