Subversion Repository Security | 4 Security Configurations | Choose One
Subversion Repository Security Configuration
- a Maximum Security Configuration
- a Good Security Configuration
- an Open Source Security Configuration
- a Weak (But Simple) Security Configuration
Maximum Security Configuration
For maximum read/write security to a repository in a cloud, you should access it through a secure SSH tunnel using your .pem SSH key. To create the tunnel, the command looks like this:
ssh -i <<path-to-pem-file.pem>> ubuntu@ec2<<ip-address-numbers-plus-zone>>.amazonaws.com -L8080:ec2<<ip-address-numbers-plus-zone>>.amazonaws.com:80
After this command you have an SSH tunnel to your repository. You access it from your local port 8080. The URL will look like this.
Good Security Configuration
A good security configuration uses two things:
- HTTPS – Secure Sockets Layer protocol
- SSH keys for authentication to the repository
This configuration does not require that you set up an SSH tunnel every time you connect. You can just connect with your browser or IDE as long as you have set up the SSH keys correctly.
Open Source Security Configuration
As I work in the open source arena, I want my repositories to be readable by all. But I constrain who can write to them. It is just like a web page that you want everyone to see but only a few to change. For this I use the HTTPS secure protocol and basic authentication for those who need write access to the repository.
You must enforce HTTPS. There is a blog for this. This will protect your repository write access passwords. This security is the same as that for a web page. It is good enough for me – but you must choose your poison depending on what exactly you are trying to protect.
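One way to express the open source configuration, as an added example that is not the author's own setup. It assumes the repository is served by Apache httpd 2.4 with mod_dav_svn and mod_ssl; the host name, repository path, certificate paths and password file are placeholders.

```apache
# Added example, not the author's own configuration. Assumes Apache httpd 2.4
# with mod_ssl, mod_dav_svn and mod_alias loaded. The host name, repository
# path, certificate paths and password file below are placeholders.

# Plain HTTP only redirects, so write passwords never cross the wire in clear.
<VirtualHost *:80>
    ServerName svn.example.org
    Redirect permanent / https://svn.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName svn.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/svn.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/svn.example.org.key

    <Location /svn>
        DAV svn
        SVNPath /var/svn/repo

        # Basic authentication backed by a password file.
        # Create it with: htpasswd -B -c /etc/apache2/dav_svn.passwd alice
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile /etc/apache2/dav_svn.passwd

        # Read-only WebDAV methods stay anonymous; every other method
        # (commits, locks, property changes) requires a valid user.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
        </LimitExcept>
    </Location>
</VirtualHost>

# For contrast, the weakest configuration on this page corresponds to serving
# the same <Location> from the port-80 virtual host with only "DAV svn" and
# "SVNPath": no TLS, no Auth* directives, no <LimitExcept>.
```

Validate the syntax with `apachectl configtest`, then confirm that an anonymous `svn checkout` succeeds while an `svn commit` without credentials is challenged for a user name and password.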
The Weakest Configuration
If you are learning to set up a local Subversion repository within the safety of your home, you can start with the smallest thing that works. This would be:
- No Authentication (Basic or SSH Keys)
- No HTTPS secure sockets protocol – just HTTP
- No Repository Write Protection – All can read and write
We all have to start somewhere. And this is as good a place as any.