Subversion security

Question

Subversion security

What's the best practice for setting up a secure subversion server? We are currently using visualsvn server with active directory implementation and https. Now we want to provide connectivity from outside the firewall. what is this security risk? is it possible to prevent brute force attacks to enter?

hello Roland

+2

svn visualsvn-server

Roland Sep 30 09 at 13:40

source to share

3 answers

We use svn + ssh and encourage the use of paraphrases on keys. If you can, use an alternate SSH port instead of 22.

+2

Chief AG Sep 30 09 at 13:50

source to share

I have used apache with mod_dav_svn. The VisualSVN server uses Apache. You will have no problem working with the VisualSVN client. Then, you can secure the SVN like any other web resource. You can even use SSL. This assumes basic auth. You can use anything, including LDAP and ActiveDirectory for authorization.

<Location /svn>
  DAV svn
  SVNParentPath /usr/local/svn
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /etc/svn-auth-file
  Require valid-user
</Location>

More details here

+2

sal Sep 30 At 13:57

source to share

Jim T · Accepted Answer · 2009-09-30T16:03:49+0000

If you are using Active Directory Authentication - I have to hope that the brute force attack will be thwarted by the regular windows system to lock out accounts that have had too many password failures.

What kind of access do you provide through the firewall? If it's developer access (work from home), you can use a VPN. If it's read-only, you might consider hosting a mirror instead of the main server.

Subversion security

More articles: