tags:

views:

107

answers:

4
Q: 

SVN access/security concern

I'm considering using a third party hosting company to house an SVN repository. (I'm looking at Dreamhost but this may apply to other hosts as well.)

The hosting company sets up the repository at http://svn.yourdomain.com/path. The problem I have noticed is that anyone could come along and export the files using:

svn export http://svn.yourdomain.com/path

Obviously I will need to export the files myself, but is there a way to secure this on a shared host so others don't have the ability to export this over http? Or is the real solution to manage your own SVN server?

Thanks for your thoughts.

+1  A: 

Subversion has a built-in ACL system. Your repository is going to be protected by a username/login challenge.

Authentication is pretty fine-grained, you can specify read / commit / both access for every single directory in the repository.

Pekka  2010-03-12 18:07:20
+1  A: 

Dreamhost allow you to password protect your repository. As should any other host that you're paying for (some of the free ones won't let you).

RaptorFactor  2010-03-12 18:07:51
Yes, I have tried their password option and it does protect if you try to access the directory through the browser. However,I've found that issuing an svn export command from the command line does not require authentication.
 2010-03-12 18:19:30
+1  A: 

With DreamHost, you can easily setup username/password protection using this guide. (See point 3.3) However, I don't know how secure this is, as I believe it uses basic HTTP authentication, which transmits credentials in plain text.

Peter  2010-03-12 18:09:34
+2  A: 

From your other comments, you are running into Subversion caching your authentication. See the section in the book that covers caching of passwords.

larrys  2010-03-12 18:37:35
Thank you. I think this is the issue.
 2010-03-12 18:42:33

related questions

Best strategy to write hooks for subversion in Windows
Database Version Control
Version control PHP Web Project
Experience with SVN vs. Team Foundation Server?
Best SVN Client Ignore Pattern for VB.NET Solutions?
SVN merge merged extra stuff
What is your favorite web app deployment workflow with SVN?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Version Control. Getting started...
ASP.NET Display SVN Revision Number
How do I create a branch in SVN?
What do the result codes in svn mean?
Could you recommend a good free project hosting website?
Federated (Synced) Subversion servers?
Mechanisms for tracking DB schema changes
What are the advantages of using SVN over CVS?
Use SVN Revision to label build in CCNET
Best subversion client for Mac OS
Why is Git better than Subversion?
ASP.NET, Visual Studio and Subversion - how to integrate?
Best Practice: Collaborative Environment, Bin Directory, SVN
How do I sync the SVN revision number with my ASP.NET web site?
Best Subversion clients for Windows Vista (64bit)
Good branch/merge tutorials for Tortoise SVN?
How can you get Subclipse in Aptana to work with the newest release of Subversion?