[HCoop-Discuss] Subversion security issue
Nathan Kennedy
ntk at hcoop.net
Fri Nov 3 18:24:37 EST 2006
Paul Anderson wrote:
> On 11/3/06, Omry Yadan <omry at yadan.net> wrote:
>
>> an alternative solution is to run a local apache as yourself, and proxy
>> to it from the shared one.
>>
>>
> Oooh, bad bad bad. No proxying:) I'm not fond of having individual
> users running their own apache. It adds to the load on the machine,
> although I'm not familiar with the hardware specs we're dealing with.
> There are some options available with custom tunnels that are vastly
> to be preferred, and much more lightweight on the server.
>
I'm not at all a fan of it either, for the saem sort of reasons, but the
fact is we have several users doing just that. I think it should be a
matter of last resort, but if that's the only way to securely
accommodate something, it's better than someone going elsewhere for
their needs. Saying to switch to darcs or some other software is not
solving the issue.
Unrelated note: We may want to offer Xen VPS's sometime in the future
after migrating, which would be an option for users with a lot of
advanced needs beyond shared hosting and who can shell out a little more.
In the meantime it would be great if we could figure out a way to get
shared SVN through Apache to work, obviously allowing users to run code
as www-data is very problematic.
I think we need to get a list of those users who actually are or want to
be running SVN.
-ntk
More information about the HCoop-Discuss
mailing list