On 7/16/11 1:35 PM, David Mehler wrote:
> I've done some more reading/googling and from what I'm seeing high
> security isn't doable with svnserve even with SASL, passwords from the
> client need to be stored on disk plain, this isn't desirable in my
> case.

Yes, that's why there is the ssh+svn variation. But the client plain text password on disk is more of a Linux issue. The Windows and Mac clients use OS facilities to keep the password encrypted and only accessible by that user.

> Do you host a repository via Apache? The problem I'm having is not
> its ease of setup, I can do that, the issue is one of data
> visibility. I'm not wanting someone to be able to go to
> http://domain.com/svn/project1 and see trunk code. I know that I can
> use basic authentication to prevent this, but would rather the repo
> not be viewable at all to any anonymous users.

The repos where I use http do have anonymous read access (but behind a firewall). If I didn't want that I'd use basic auth with 'require valid-user' for the location - and probably force https use so the password exchange would be encrypted. Some other parts of the company use https with a client certificate requirement in addition to the password. I don't have access to that configuration but I don't think it would be difficult other than maintaining per-client certificates if you don't already have infrastructure for that.

-- 
Les Mikesell
lesmikesell at gmail.com
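
The setup described in the reply above, sketched as an Apache httpd configuration: no anonymous reads, HTTPS only, and the optional client-certificate requirement on top of the password. This is an added example, not part of the original message and not either poster's configuration; the hostname, repository path, password file and certificate paths are placeholders.

```apache
# Added example. Hostname and all file paths are placeholders.
# Assumes mod_ssl, mod_dav, mod_dav_svn, mod_auth_basic, mod_authn_file
# and mod_alias are loaded.

# Plain HTTP never reaches the repository and never issues an auth
# challenge, so no password is sent in the clear.
<VirtualHost *:80>
    ServerName svn.example.com
    Redirect permanent / https://svn.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName svn.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # Stricter variant from the reply: a client certificate is required
    # in addition to the password. Remove these three lines if
    # per-client certificates are not being issued.
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt
    SSLVerifyClient       require
    SSLVerifyDepth        1

    <Location /svn/project1>
        DAV svn
        SVNPath /srv/svn/project1

        # Belt and braces: refuse the request if it is not over TLS.
        SSLRequireSSL

        AuthType Basic
        AuthName "project1 repository"
        AuthUserFile /etc/apache2/svn.htpasswd

        # Every method needs a login, reads included, so
        # /svn/project1 shows nothing to anonymous visitors.
        Require valid-user

        # Weak form to avoid here: it leaves reads anonymous and
        # only protects writes.
        #   <LimitExcept GET PROPFIND OPTIONS REPORT>
        #       Require valid-user
        #   </LimitExcept>
    </Location>
</VirtualHost>
```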