On 1/5/2011 1:04 PM, David Brodbeck wrote:
        It's possible to do secure Subversion. Use svn+ssh access,
        disable or
        block other services at the firewall,


    If ssh is permitted and you didn't personally set it up, what are
    the odds that port tunneling or ssh's built in socks proxy will
    allow access to every service behind the firewall?


The nice thing about SSH is you can disable those things via server
configuration.  They are on by default in most distributions (and maybe
shouldn't be) but the configuration switches to turn them off are easy
to find.
Of course you _can_ secure it.  My point is that permitting ssh and 
restricting access to ssh by itself is very likely to make your system 
less secure (if you count on firewall protections) instead of more so. 
And nothing that can be done in the default svn installation can fix it.
--
  Les Mikesell
   lesmikes...@gmail.com

Reply via email to