Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much

Re: Re: Re: [OT] Advanced CVS usage

by autarch (Hermit)
on May 30, 2003 at 04:08 UTC ( #261760=note: print w/replies, xml ) Need Help??

in reply to Re: Re: [OT] Advanced CVS usage
in thread [OT] Advanced CVS usage

Subversion has its own server now that can run over an ssh connection. It's just called svnserve.

Replies are listed 'Best First'.
Re: Re: Re: Re: [OT] Advanced CVS usage
by drewbie (Chaplain) on May 30, 2003 at 13:54 UTC

    Now that you mentioned it, I do remember reading in an FAQ about the SSH option... Hmmm, subversion is looking better & better. I printed off Chapters 1-6 of the Subversion book yesterday & will look over it this weekend.

    Any gotchas I should be on the lookout for if we switch to subversion?

Re: [OT] Advanced CVS usage
by hacker (Priest) on Jun 02, 2003 at 00:36 UTC
    ..which again suffers from a larger security hole than a properly-scoped ACL that does not require local user accounts.

    As far as I know, without a SERIOUSLY locked down chroot (i.e. no logins allowed whatsoever), you can't let non-local users use ssh. You need to create a local account for them on the physical box (or LDAP, or whatever you use). This opens a potential hole in your security, pending someone exploiting the client machine or network (which, as you know, you can never trust or validate).

    If someone has a trusted account on your box(es), they can always try "Exploit-of-the-week" to try to gain root or consume unnecessary resources of the machine proper. These can be controlled with limits(5) and chroot(8), but those too, require considerations of their own.

    With a system using ACLs, and no local user accounts, you can be sure that even if the user's machine, network, or password were somehow sniffed or exploited in some way as to compromise their access to their repository, it does not compromise your server running those repositories.

    Requiring a local account, ssh, cvs, login, or otherwise, is always going to be less secure than a system that works without the use of that constraint. See and for more information on these issues.

    Subversion is definately a contender for personal repositories, and public repositories where absolute security is not an issue, but those should be determined by the administrator who needs to install, maintain, and manage those repositories.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://261760]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (5)
As of 2018-06-21 01:35 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (117 votes). Check out past polls.