Guten Tag Philip Prindeville, am Mittwoch, 29. Dezember 2010 um 18:03 schrieben Sie:
> So my concern is this: I want to be able to easily, clearly, and > with high confidence set up SVN to *only* work via Apache, and no > other way. Then your real problem is that svnserve does exist and is executable at all and not that some managing tools create maybe unneeded configuration files. Having unneeded and executable binaries on the system but speeking of security over everything and as the one and only truth seems funny to me. The unneeded configuration file is step 2, the first one is to get rid of svnserve. But without svnserve and therefore the need, that an attacker has to provide it's own one, speaking is able to write anything to your system, the pre existing configuration files are not a problem at all anymore, in my opinion. Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig Telefon: Potsdam: 0331-743881-0 E-Mail: [email protected] Web: http://www.am-soft.de AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow
