tags:

views:

35

answers:

1
+1  Q: 

What is the "enterprise" best practice for SVN security?

(Specifically for VisualSVN.) Should you use SVN authentication or Windows integrated authentication?

Correct if anything here is wrong, but...

The issue with SVN auth is that the administrator basically either has to have the dev come over to type their own password in when their account is created, or they have to create a password for them (so they know the dev's password). But of course, the SVN server admin can access their code anyway because they have full access to the repository itself, so does it matter?

If you're using Windows integrated auth, I believe(?) this means you're giving the devs full access accounts on the SVN server (which I can see anal auditors calling a bad practice depending on what else is running there).

So which type of auth is considered better for a large organization? Does it matter?

+1  A: 

Hosting SVN on Apache with DAV (dav_module, dav_svn_module) and AUTHZ (authz_svn_module) and SSPI (sspi_auth_model), means you can validate user-requests against the domain controller. This means everyone with a domain user account can get access, the password policy and reset procedure is already nicely defined (and maintained by someone else), and your admin overhead is really low.

You do still need to define who's in what group, what each group is granted, and what the default access level is, but that's pretty trivial and doesn't involve you knowing their password, just their username.

For example on one of our servers, the default is read access (anyone who can login to the domain can login to the SVN server and view content), while a select group of users (developers) are granted rights to commit/lock/write changes.

Rudu  2010-10-08 17:47:17
I guess not everyone is familiar with VisualSVN, but I guess the capabilities are a little different? I'm not sure if 'Windows integration' refers to local accounts on the server or domain accounts. There doesn't seem to be any configuration specific to domain user accounts within VisualSVN.
Ajax Sucks  2010-10-08 18:11:12
"VisualSVN is a Subversion (SVN) client, implemented as an add-in for Microsoft Visual Studio". {We use TortoiseSVN instead} ... unless of course you mean **VisualSVN Server** which is something different.
Rudu  2010-10-08 19:23:15
Yes, I do mean VisualSVN Server, sorry.
Ajax Sucks  2010-10-08 22:13:01

related questions

Best strategy to write hooks for subversion in Windows
Database Version Control
Version control PHP Web Project
Experience with SVN vs. Team Foundation Server?
Best SVN Client Ignore Pattern for VB.NET Solutions?
SVN merge merged extra stuff
What is your favorite web app deployment workflow with SVN?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Version Control. Getting started...
ASP.NET Display SVN Revision Number
How do I create a branch in SVN?
What do the result codes in svn mean?
Could you recommend a good free project hosting website?
Federated (Synced) Subversion servers?
Mechanisms for tracking DB schema changes
What are the advantages of using SVN over CVS?
Use SVN Revision to label build in CCNET
Best subversion client for Mac OS
Why is Git better than Subversion?
ASP.NET, Visual Studio and Subversion - how to integrate?
Best Practice: Collaborative Environment, Bin Directory, SVN
How do I sync the SVN revision number with my ASP.NET web site?
Best Subversion clients for Windows Vista (64bit)
Good branch/merge tutorials for Tortoise SVN?
How can you get Subclipse in Aptana to work with the newest release of Subversion?