subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <>
Subject Re: Push ?
Date Tue, 17 Sep 2013 12:11:07 GMT
On Mon, Sep 16, 2013 at 4:51 PM, Les Mikesell <> wrote:

> On Mon, Sep 16, 2013 at 2:53 PM, Dan White <> wrote:
> > The described solution is one we already use within our network space,
> but
> > Security will not allow a connection from DMZ to the internal SVN server.
> > It violates the whole purpose of having a DMZ in the first place.
> >
> There is always the trick of ssh-ing a command from inside the
> firewall to the DMZ box that (a) sets up port-forwarding and (b) runs
> the svn command as though the repo is on localhost.  Technically, and
> from the firewall's point of view, the connection is established
> outbound.

This is also a firing offense in many environments. I once had a chief
developer, with various root SSH key access, running just such tunnels to
and from his home machine, tunnels that I happened to notice. He was also
using non-passphrase protected SSH keys, and had *built* the previous
version of Subversion in use at that company. Given the secure data he had
access to this way, from offsite, it caused a serous scandal behind closed
doors, (And I replaced that Subversion with a source controlled one, owned
by "root", instead of the one owned by him individually!)

View raw message