SVN access/security concern
https://stackoverflow.com/questions/2434787
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm considering using a third party hosting company to house an SVN repository. (I'm looking at Dreamhost but this may apply to other hosts as well.)
The hosting company sets up the repository at http://svn.yourdomain.com/path. The problem I have noticed is that anyone could come along and export the files using:
svn export http://svn.yourdomain.com/path
Obviously I will need to export the files myself, but is there a way to secure this on a shared host so others don't have the ability to export this over http? Or is the real solution to manage your own SVN server?
Thanks for your thoughts.
Solution
From your other comments, you are running into Subversion caching your authentication. See the section in the book that covers caching of passwords.
OTHER TIPS
Subversion has a built-in ACL system. Your repository is going to be protected by a username/login challenge.
Authentication is pretty fine-grained, you can specify read / commit / both access for every single directory in the repository.
Dreamhost allow you to password protect your repository. As should any other host that you're paying for (some of the free ones won't let you).
With DreamHost, you can easily setup username/password protection using this guide. (See point 3.3) However, I don't know how secure this is, as I believe it uses basic HTTP authentication, which transmits credentials in plain text.
