On 1/5/2011 1:04 PM, David Brodbeck wrote:
It's possible to do secure Subversion. Use svn+ssh access, disable or block other services at the firewall, If ssh is permitted and you didn't personally set it up, what are the odds that port tunneling or ssh's built in socks proxy will allow access to every service behind the firewall? The nice thing about SSH is you can disable those things via server configuration. They are on by default in most distributions (and maybe shouldn't be) but the configuration switches to turn them off are easy to find.
Of course you _can_ secure it. My point is that permitting ssh and restricting access to ssh by itself is very likely to make your system less secure (if you count on firewall protections) instead of more so. And nothing that can be done in the default svn installation can fix it.
-- Les Mikesell lesmikes...@gmail.com