On 7/16/11 1:35 PM, David Mehler wrote:
I've done some more reading/googling and from what I'm seeing high security isn't doable with svnserve even with sasl, passwords from the client need to be stored on disk plain, this isn't desirable in my case.
Yes, that's why there is the ssh+svn variation. But the client plain text password on disk is more of a Linux issue. The Windows and Mac clients use OS facilities to keep the password encrypted and only accessible by that user.
Do you host a repository via Apache? The problem I'm having is not its ease of setup, I can do that, the issue is one of data visibility. I'm not wanting someone to be able to go to http://domain.com/svn/project1 and see trunk code. I know that I can use basic authentication to prevent this, but would rather the repo not be viewable at all to any anonymous users.
The repos where I use http do have anonymous read access (but behind a firewall). If I didn't want that I'd use basic auth with 'require valid-user' for the location - and probably force https use so the password exchange would be encrypted. Some other parts of the company use https with a client certificate requirement in addition to the password. I don't have access to that configuration but I don't think it would be difficult other than maintaining per-client certificates if you don't already have infrastructure for that.
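
The setup described in the reply above (Basic auth with a valid-user requirement on the location, HTTPS only, and an optional client certificate requirement), as an added Apache configuration example that is not part of the original thread or either poster's actual configuration. The hostname, repository path, password file and CA file are placeholder assumptions.

```apache
# Added example; hostname and all file paths are placeholders (assumptions).

# Plain HTTP only redirects, so Basic credentials are never sent unencrypted.
<VirtualHost *:80>
    ServerName svn.example.com
    Redirect permanent / https://svn.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName svn.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/svn.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/svn.example.com.key

    # Optional: also require a client certificate issued by an internal CA,
    # in addition to the password. Omit these three lines for password-only.
    SSLCACertificateFile  /etc/ssl/certs/internal-client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1

    <Location /svn>
        DAV svn
        SVNParentPath /srv/svn
        # Do not list the repositories under the parent path.
        SVNListParentPath off

        # Refuse any request to this location that did not arrive over TLS.
        SSLRequireSSL

        AuthType Basic
        AuthName "Subversion"
        AuthUserFile /etc/apache2/svn.htpasswd

        # An anonymous-read layout (reads open, writes authenticated) would wrap
        # the Require line in:
        #   <LimitExcept GET PROPFIND OPTIONS REPORT> ... </LimitExcept>
        # Left unwrapped, every method, including browsing trunk, needs a login.
        Require valid-user
    </Location>
</VirtualHost>
```

With this in place an unauthenticated request for a URL under /svn gets a 401 response instead of a directory listing, and `apachectl configtest` checks the syntax before a reload.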