2010/12/28 Thorsten Schöning <tschoen...@am-soft.de> > Guten Tag Philip Prindeville, > am Montag, 27. Dezember 2010 um 22:28 schrieben Sie: > > > In our case, we're setting up a secured source repository inside > > our network, for outside access (via port-forwarding on our gateway). > > In this scenario and if security is this important for you, then why > not just use svnserve?
I don't know what Philip's reasons are, but svnserve does have some shortcomings that might make it unsuitable for sites that are serious about security. The most obvious one is that it requires passwords to be stored in cleartext in the repository passwd file on the server. Another one is its lack of any logging or auditing capabilities. On the other hand, when you start using Apache you've got a whole 'nother pile of code that can have security holes in it...so it's really a matter of which risk you're more concerned about. -- David Brodbeck System Administrator, Linguistics University of Washington
