views:

373

answers:

2

I'm working on a closed source (for now) project that I'd like to write a wiki and ticket system about. Trac has a well-integrated wiki and bug/issue-tracking system, and has good integration with Subversion. Webfaction offers Subversion, Trac and a whole lot of programmer-friendly options in a web host. So I'm seriously thinking of using Trac for my project.

One thing concerns me though.

How secure is Trac when I remove permissions to view the sources from various Trac groups? Is there a significant chance that any closed source hosted in the linked Subversion instance would leak out through Trac?

Any of you used Trac for closed source before? What were your experiences?

+2  A: 

I'm actually using a Track /Subversion setup through Webfaction for a closed-source project. The configuration of Trac is really just a front end for Subversion, so ultimately it will be dependent on Subversion's security (e.g. the .authz file).

A plugin (nothing more than a front end) that will help you in your journey of security configuration:

torial
A: 

Im using the same setups and the solution i am using is to host the trac as a subdomain - trac.mysite.tdl and svn.mysite.tdl then simply use .htaccess and .htpasswd to secure both of these subdomains to known users.