tags:

views:

107

answers:

4

I'm considering using a third party hosting company to house an SVN repository. (I'm looking at Dreamhost but this may apply to other hosts as well.)

The hosting company sets up the repository at http://svn.yourdomain.com/path. The problem I have noticed is that anyone could come along and export the files using:

svn export http://svn.yourdomain.com/path

Obviously I will need to export the files myself, but is there a way to secure this on a shared host so others don't have the ability to export this over http? Or is the real solution to manage your own SVN server?

Thanks for your thoughts.

+1  A: 

Subversion has a built-in ACL system. Your repository is going to be protected by a username/login challenge.

Authentication is pretty fine-grained, you can specify read / commit / both access for every single directory in the repository.

Pekka
+1  A: 

Dreamhost allow you to password protect your repository. As should any other host that you're paying for (some of the free ones won't let you).

RaptorFactor
Yes, I have tried their password option and it does protect if you try to access the directory through the browser. However,I've found that issuing an svn export command from the command line does not require authentication.
+1  A: 

With DreamHost, you can easily setup username/password protection using this guide. (See point 3.3) However, I don't know how secure this is, as I believe it uses basic HTTP authentication, which transmits credentials in plain text.

Peter
+2  A: 

From your other comments, you are running into Subversion caching your authentication. See the section in the book that covers caching of passwords.

larrys
Thank you. I think this is the issue.