[HCoop-Discuss] Subversion security issue

Omry Yadan omry at yadan.net
Sat Nov 4 04:55:52 EST 2006


rob at hcoop.net wrote:

>> I am, with a proxy.
>>     
>
> Out of curiosity what do you mean by with a proxy?  Meaning you have an
> HTTP proxy setup to access the SVN repo?
>   
I run an http instance that uses its own svn_dev modules, and run under
my user.
the primary apache proxies the requests to my apache.

> ....
> Ah, I see. I am not sure 1 instance of svnserve could be configured in a
> way that allows access to multiple repositories.  
it can, but it will access all the repositories using its own user, and
all the repositories need to be under the same path.

> I'd imagine we'd have to make some changes for that to work?  Personally I like the idea of using
> tunnelled SSH and svnserve.  I think getting this to work would be pretty
> simple. I think you could do it using a public/private key that redirects
> the connection to the svnserve that the user is running.  It sounds like
> this approach may not work for you though if you are required to use an
> HTTP proxy.
>   
Those are my requirements:
1. subversion repository for source control (I am not going to switch to
a new source control system)
2. both anonymous access to my repository and authenticated commit
access to my repository.
3. access should be done via http, where I am in control of the full
host name and path. (at the moment my repo is at
http://svn.firestats.cc/, and I like it this way).
4. control over the authentication and authorization for my repository
(who can commit, and where can he commit to).

those are pretty standard requirements from a subversion service.
at the moment I have achieved my goals using my own instance of apache.
I realize that this is not ideal, and I am willing to switch to another
method that accommodates my requirements if such a method is available.

if there are enough people that have similar requirements, it might be
worth the trouble to develop a shared svn service over apache, where all
the repositories are under some system directory (/home/svn for
example), and users can control their repos (creation, deletion,
authentication and authorization) via a tool like domtool (svntool?).

but as I said, personally I am content with my current solution.

    Omry.
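
The setup described in this message, sketched as an added example (not Omry's or HCoop's actual configuration): a front-end Apache proxies svn.firestats.cc to a second Apache running under the repository owner's account, so only that account needs filesystem access to the repository. It assumes "svn_dev modules" means mod_dav and mod_dav_svn; the port, the USER placeholder, all paths and the committer names are assumptions.

```apache
# --- Front-end (primary) Apache: virtual host fragment ---
# Needs mod_proxy and mod_proxy_http. It never reads repository files itself.
# Basic auth credentials are only base64-encoded, so commits over plain
# HTTP expose passwords; terminating TLS on this host avoids that.
<VirtualHost *:80>
    ServerName svn.firestats.cc
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>

# --- Per-user Apache: started by USER, not by root (assumed port 8081) ---
# Needs mod_dav, mod_dav_svn, mod_auth_basic, mod_authn_file, mod_authz_user.
# Bound to loopback, so it is not reachable from off-host except via the proxy.
Listen 127.0.0.1:8081

<Location />
    DAV svn
    # Hypothetical path; the repository is owned by USER.
    SVNPath /home/USER/svn/repo

    AuthType Basic
    AuthName "Subversion repository"
    # Password file maintained by the repository owner (hypothetical path).
    AuthUserFile /home/USER/svn/htpasswd

    # Read-only WebDAV methods stay anonymous; every other method
    # (i.e. commits) requires one of the named committers to log in.
    # "alice" and "bob" are constructed names.
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require user alice bob
    </LimitExcept>
</Location>
```

Restricting where each committer may write (the second half of requirement 4) is done with mod_authz_svn's AuthzSVNAccessFile, which this sketch leaves out.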



