Which protocol? svn:// or http(s):// ?

+2 A:

https:// and svn+ssh:// are encrypted and so are safer for transmitting secure data (such as your svn password.

If it's anything like git, svn+ssh:// will be faster than https:// and svn:// will be faster than http://

Macha 2010-01-26 16:50:49

I do not actually know a whole lot about svn+ssh. What kind of support does that require on the server? Must you have an ssh account that has a shell on the server? No anonymous access?

Earlz 2010-01-26 16:53:09

SVN+SSH is basically the same as svn://, only you're conducting it through an SSH tunnel. This isn't an option you'd want to pursue if anonymous access is important to you.

Eric Kolb 2010-01-26 16:58:47

@earlz: You need some kind of account with filesystem access to the repository, and the permission to run `svn` (or maybe some other binary?).

Thomas 2010-01-26 16:59:50

@Eric: you can have anonymous access with SSH enabled if you want (not that you should or that it makes sense)

Andreas Bonini 2010-01-26 16:59:54

@Andreas: True enough. I carry the implicit assumption that people intend to design security protocol based on what's sensible, so that caveat didn't spring to mind. :)That said, if public, anonymous, end-to-end-secure traffic is your aim with a subversion repository, HTTPS would be the smart choice for that.

Eric Kolb 2010-01-26 17:36:09

+13 A:

http:// has a serious overhead, especially when dealing with thousands of small files. I used svn for a website that had around 50,000 icons, all saved on SVN.. With HTTP, it took around 20 minutes to checkout. Once I switched to svn://, it took less than a minute. This is because with HTTP it's one new HTTP request per file.

http:// however has the following big advantage: it usually goes through firewalls. For example, now that I switched to svn:// I can no longer access my repository from my university because of their firewall.

Regarding the difference between using SSL/TLS or not, well, it's obvious: data is encrypted; however it's more difficult to set up.

Andreas Bonini 2010-01-26 16:51:43

Another advantage of the http(s):// is that is conformant to the WebDAV standard. Which means you can mount such repositories in e.g. explorer or other WebDAV clients. See http://svnbook.red-bean.com/nightly/en/svn.webdav.html

Stefan 2010-01-27 15:03:50

+1 A:

http and https are handled by web server module for subversion support, so you can use http based authentication (configured through .htaccess) to limit access to your repository)

Vestel 2010-01-26 16:52:24

Well, you can have authentication with svnserve too.. It's just done in a slightly different way.

Andreas Bonini 2010-01-26 16:57:14

Yes, and if you have 100 repositories for a same developer group, you need to transfer config file among any repository. This way, you can have only one file which allows them to access, and every change in it will control access to any repository

Vestel 2010-01-26 17:01:24

You can obtain the same effect with svnserve + symlinks. Also, creating several repositories for the same developer group makes no sense and is discouraged from the official svn book.

Andreas Bonini 2010-01-26 17:17:38

Example:I have a developer team (7 people) which works on several client projects. They must have access to repository and 'full live preview', which are located on one computer. No one else, should have any access to live preview. I can configure my apache the way, that only they got access to several folders and urls, and when one of developers leave team - I need to change access only in one place.

Vestel 2010-01-26 17:44:47

With HTTP, it is much easier to use Windows Active Directory for authentication. This can be handy in a Windows environment.

msemack 2010-01-26 18:08:43

+4 A:

svn+ssh is the svn protocol run inside a SSH tunnel. The client uses SSH to log on the remove server and remotely runs the svn command in that tunnel. In my view, svn+ssh is the easiest way to use a subversion repository on a distant system, because you do not have any server to launch on that system, assuming that you already have a SSH server running.

Also, svn+ssh benefits from the cryptographic protection of SSH. Do not use raw svn protocol over untrusted networks.

The main problem with svn+ssh is that it requires shell access on the remote machine. It is difficult to offer someone access to the repository without giving him access to the whole shell account. For that, you want one of the HTTP-based methods, i.e. http or https (preferably https because of the encryption-and-authentication layer). These methods are more complex to configure (you need a HTTP/HTTPS server, e.g. Apache) but allow the repository administrator to carefully and precisely control repository access rights.

Thomas Pornin 2010-01-26 16:58:27

+2 A:

Also if you use http:// (Apache + SVN) then you can get your users to log in using Windows Authentication with the addition of the mod_auth_sspi module.

See here: http://blog.pengoworks.com/index.cfm/2007/11/1/Configuring-Windows-Authentication-with-Apache-22x-and-Subversion

So your (windows) devs only have to remember one user / password

Ezz 2010-01-26 17:08:28

ansaurus

tags:

views:

answers:

Which protocol? svn:// or http(s):// ?

related questions