subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Branko ─îibej <br...@apache.org>
Subject Re: Secure svnserve?
Date Fri, 25 Nov 2016 10:20:54 GMT
On 25.11.2016 11:11, Olaf van der Spek wrote:
> Hi,
>
> Currently I'm running svnserve on a Debian VM on my PC. I'd like to
> move it to a server on the internet but I don't get how to do this
> securely.
> Svnserve doesn't support encryption, right, so I can't expose it on a
> public port directly.
> I'm aware of Subversion via Apache but I don't run Apache and I don't
> want to give the entire web server access to repos anyway.
> I also don't want to give each SVN user a shell account..
> What's the proper way to do this?

Use stunnel in front of svnserve:

https://www.stunnel.org/


HOWEVER:

You'll also have to put stunnel on every _client_ machine because the
Subversion client does not support encrypte svn:// protocol natively.
Depending on the kinds of clients you support, that could be either very
easy or extremely complex.


> Wouldn't it be good if svnserve supported encryption directly?

It would be a moderately nice-to-have feature, but given that stunnel
exists, it's not necessary. In fact, it's better not to reinvent
security features that are available in existing, mature software.

-- Brane

Mime
View raw message