views:

29

answers:

2

I was reading the Red Bean book and noticed this paragraph:

Do not be seduced by the simple idea of having all of your users access a repository directly via file:// URLs. Even if the repository is readily available to everyone via a network share, this is a bad idea. It removes any layers of protection between the users and the repository: users can accidentally (or intentionally) corrupt the repository database, it becomes hard to take the repository offline for inspection or upgrade, and it can lead to a mess of file permission problems (see the section called “Supporting Multiple Repository Access Methods”). Note that this is also one of the reasons we warn against accessing repositories via svn+ssh:// URLs—from a security standpoint, it's effectively the same as local users accessing via file://, and it can entail all the same problems if the administrator isn't careful.

I realized that, since I'm the only one accessing the repository, ever, none of these caveats seem to apply. Can I safely down svnserve then and only ever have to worry about upgrading my TortoiseSVN client, not both the client and the server whenever there's a new version out?

(I've tried it already--just needed to use the Relocate feature to switch from svn:// to file://--but I wanted to make sure something wouldn't be sneaking up on me if I left it this way.)

+2  A: 

Yes. These warnings do not apply if you are the only one ever accessing the repository.

Kevin Panko
+1  A: 

I've been using SVN with Tortoise and Slik Subversion clients using the single-user file:// urls for a couple of years now, with absolutely zero problems. But if you ever, ever think you will need multi-user access, you need to use one of the server access methods - don't be tempted to put a file:// repository on a shared network drive.

anon