On Tue, May 12, 2015 at 8:30 AM, D Ste <djirat...@gmail.com> wrote: > Hi, > > I would like to set up SVN to store confidential documents. > I have secured the pipe communication with HTTPS/SSL. To avoid unauthorized > users (even with root access) accessing documents from within the server, I > would like to protect the SVN linux folder/files with encryption.
Thee are a stack of problem not unique to Subversion: 1) Whoever has your backups owns your content. This can be reduced with encrypted filesystems and encrypted backups, but it's a basic service side problem. 2) Subversion clients still save passphrases by default, with no way for the server to force clients to use mandatory password entry or force client-side wallet based encryption. Until and unless someone gets something working like multi-user svn+ssh based access with Kerberos tickets, or wields genuine Kerberos tickets into svnserve or enforces Kerberos ticket use for Apache access, almost all setups will leave you vulnerable to clients storing credentials poorly. Even SSH key based or SSL key based access doesn't solve this problem, because clients can and will store their credentials without protections, no matter what you tell them and no matter what you have them sign. 3) Actually storing encrypted files in SVN will inevitably mean storing binaries. Each small change in such a file will inevitably involve a large difference form the previously stored encrypted file, meaining a lot of resources for every change. and Subversion is *horrible* about expiring old, unwanted files. The "svn obliterate" is one of the most requested features, and has been consistently rejected since..... well, since its first releases over a decade ago. > Are there any ways to secure the SVN using protected folders or encryption? > So only authorized users can access these confidential documents. > > Thanks in advance for your helps. Yes, but there are limits. Be aware of them.
