[CentOS] svnserve with encryption on CentOS

Sun Jul 17 16:33:15 UTC 2011
Les Mikesell <lesmikesell at gmail.com>

On 7/16/11 1:35 PM, David Mehler wrote:

> I've done some more reading/googling and from what i'm seeing high
> security isn't doable with svnserve even with sasl, passwords from the
> client need to be stored on disk plain, this isn't desirable in my
> case.

Yes, that's why there is the ssh+svn variation.  But the client plain text 
password on disk is more of a linux issue.  The windows and mac clients use OS 
facilities to keep the password encrypted and only accessible by that user.

> Do you host a repository via apache? The problem I'm having is not
> it's ease of setup, I can do that, the issue is one of data
> visibility. I'm not wanting someone to be able to go to
> http://domain.com/svn/project1 and see trunk code. I know that I can
> use basic authentication to prevent this, but would rather the repo
> not be viewable at all to any anonymous users.

The repos where I use http do have anonymous read access (but behind a 
firewall).  If I didn't want that I'd use basic auth with 'require valid-user' 
for the location - and probably force https use so the password exchange would 
be encrypted.  Some other parts of the company use https with a client 
certificate requirement in addition to the password.  I don't have access to 
that configuration but I don't think it would be difficult other than 
maintaining per-client certificates if you don't already have infrastructure for 
that.

-- 
   Les Mikesell
    lesmikesell at gmail.com