On Mon, Sep 16, 2013 at 4:51 PM, Les Mikesell <lesmikes...@gmail.com> wrote:

> On Mon, Sep 16, 2013 at 2:53 PM, Dan White <d_e_wh...@icloud.com> wrote:
> > The described solution is one we already use within our network space, but
> > Security will not allow a connection from DMZ to the internal SVN server.
> > It violates the whole purpose of having a DMZ in the first place.
> >
>
> There is always the trick of ssh-ing a command from inside the
> firewall to the DMZ box that (a) sets up port-forwarding and (b) runs
> the svn command as though the repo is on localhost.  Technically, and
> from the firewall's point of view, the connection is established
> outbound.


This is also a firing offense in many environments. I once had a chief
developer, with various root SSH key access, running just such tunnels to
and from his home machine, tunnels that I happened to notice. He was also
using non-passphrase protected SSH keys, and had *built* the previous
version of Subversion in use at that company. Given the secure data he had
access to this way, from offsite, it caused a serious scandal behind closed
doors. (And I replaced that Subversion with a source controlled one, owned
by "root", instead of the one owned by him individually!)
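
The following is an added example, not part of the original message or of any project mentioned in the thread: a Python check that classifies private key files as passphrase-protected or not, the condition described in the reply above. The sample keys are constructed header-only strings (no key material), and the names `key_protection` and `unprotected` are hypothetical.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def key_protection(pem_text):
    """Classify private key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    body = lines[1:-1]
    if label == "OPENSSH PRIVATE KEY":
        try:
            blob = base64.b64decode("".join(body))
            if not blob.startswith(MAGIC):
                return "unknown"
            # The first length-prefixed string after the magic is the cipher name.
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
            cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        except (ValueError, struct.error):
            return "unknown"
        if len(cipher) != n:
            return "unknown"
        return "unencrypted" if cipher == b"none" else "encrypted"
    if label == "ENCRYPTED PRIVATE KEY":   # PKCS#8, encrypted
        return "encrypted"
    if label == "PRIVATE KEY":             # PKCS#8, plaintext
        return "unencrypted"
    if label.endswith(" PRIVATE KEY"):     # legacy RSA/DSA/EC PEM
        enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)
        return "encrypted" if enc else "unencrypted"
    return "unknown"

def _openssh_sample(cipher, kdf):
    """Constructed header-only blob in openssh-key-v1 layout (not a real key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    b64 = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLES = {  # constructed samples, not real keys
    "id_new_plain": _openssh_sample(b"none", b"none"),
    "id_new_enc": _openssh_sample(b"aes256-ctr", b"bcrypt"),
    "id_rsa_plain": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "id_rsa_enc": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}

def unprotected(keys):
    """Names of keys that can be used without a passphrase."""
    return sorted(k for k, v in keys.items() if key_protection(v) == "unencrypted")
```

To audit real accounts, pass a mapping of file path to file contents for each private key found under the users' `.ssh` directories.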
