Trac and closed source

Question

I'm working on a closed source (for now) project that I'd like to write a wiki and ticket system about. Trac has a well-integrated wiki and bug/issue-tracking system, and has good integration with Subversion. Webfaction offers Subversion, Trac and a whole lot of programmer-friendly options in a web host. So I'm seriously thinking of using Trac for my project.

One thing concerns me though.

How secure is Trac when I remove permissions to view the sources from various Trac groups? Is there a significant chance that any closed source hosted in the linked Subversion instance would leak out through Trac?

Any of you used Trac for closed source before? What were your experiences?

Answer 1

I'm actually using a Track /Subversion setup through Webfaction for a closed-source project. The configuration of Trac is really just a front end for Subversion, so ultimately it will be dependent on Subversion's security (e.g. the .authz file).

A plugin (nothing more than a front end) that will help you in your journey of security configuration:

• http://trac-hacks.org/wiki/TracSvnAuthzPlugin

Answer 2

Im using the same setups and the solution i am using is to host the trac as a subdomain - trac.mysite.tdl and svn.mysite.tdl then simply use .htaccess and .htpasswd to secure both of these subdomains to known users.