On 7/16/11 1:35 PM, David Mehler wrote:
> I've done some more reading/googling and from what i'm seeing high
> security isn't doable with svnserve even with sasl, passwords from the
> client need to be stored on disk plain, this isn't desirable in my
> case.
Yes, that's why there is the ssh+svn variation. But the client plain text
password on disk is more of a linux issue. The windows and mac clients use OS
facilities to keep the password encrypted and only accessible by that user.
> Do you host a repository via apache? The problem I'm having is not
> it's ease of setup, I can do that, the issue is one of data
> visibility. I'm not wanting someone to be able to go to
> http://domain.com/svn/project1 and see trunk code. I know that I can
> use basic authentication to prevent this, but would rather the repo
> not be viewable at all to any anonymous users.
The repos where I use http do have anonymous read access (but behind a
firewall). If I didn't want that I'd use basic auth with 'require valid-user'
for the location - and probably force https use so the password exchange would
be encrypted. Some other parts of the company use https with a client
certificate requirement in addition to the password. I don't have access to
that configuration but I don't think it would be difficult other than
maintaining per-client certificates if you don't already have infrastructure for
that.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
