Subversion Repository Security | 4 Security Configurations | Choose One

Subversion Repository Security Configuration

We've outlined 4 security configurations to help you secure your Subversion repository (or other similar middleware services).

  1. a Maximum Security Configuration
  2. a Good Security Configuration
  3. an Open Source Security Configuration
  4. a Weak (But Simple) Security Configuration

Maximum Security Configuration

For maximum read/write security on a repository in a cloud, access it through a secure SSH tunnel set up with your .pem SSH key. The command to create the tunnel looks like this:

ssh -i <<path-to-pem-file.pem>> ubuntu@ec2<<ip-address-numbers-plus-zone>> -L 8080:ec2<<ip-address-numbers-plus-zone>>:<<repository-port>>

After this command you have an SSH tunnel to your repository. You access it from your local port 8080. The URL will look like this.


Good Security Configuration

A good security configuration uses two things:

  1. HTTPS – Secure Sockets Layer Protocol
  2. SSH Keys for authentication to the repository

This configuration does not require that you set up an SSH tunnel every time you connect. You can just connect with your browser or IDE as long as you have set up the SSH keys correctly.

Open Source Security Configuration

As I work in the open source arena, I want my repositories to be readable by all. But I constrain who can write to them. It is just like a web page that you want everyone to see but only a few to change. For this I use the HTTPS secure protocol and basic authentication for those that need write access to the repository.

You must enforce HTTPS. There is a blog for this. This will protect your repository write access passwords. This security is the same as that for a web page. It is good enough for me – but you must choose your poison depending on what exactly you are trying to protect.
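
One way to express this open source configuration, assuming the repository is served by Apache httpd with mod_dav_svn. This is an added example, not the author's own configuration; the host name, file paths and realm name are placeholders.

```apache
# Assumed setup: Apache httpd with mod_ssl, mod_dav and mod_dav_svn loaded.
# svn.example.org, the file paths and the realm name are placeholders.

# Plain HTTP only redirects, so write passwords are never sent in clear text.
<VirtualHost *:80>
    ServerName svn.example.org
    Redirect permanent / https://svn.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName svn.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/svn.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/svn.example.org.key

    <Location /svn>
        DAV svn
        SVNPath /var/svn/repo

        # Refuse any request that did not arrive over TLS.
        SSLRequireSSL

        # Basic authentication against an htpasswd file.
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile /etc/apache2/svn.htpasswd

        # Read-only methods (checkout, update, log, browse) stay anonymous;
        # every other method (commit, lock, mkdir, delete) needs a valid user.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
        </LimitExcept>
    </Location>
</VirtualHost>

# For contrast, the weakest configuration described on this page would be
# the same <Location> served from the port-80 virtual host with no SSL*,
# Auth* or Require lines: anyone who can reach it can read and commit.
```

Accounts with write access go into the file named by AuthUserFile, which is created with Apache's htpasswd tool.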

The Weakest Configuration

If you are learning to set up a local Subversion repository within the safety of your home, you can start with the smallest thing that works. This would be:

  1. No Authentication (Basic or SSH Keys)
  2. No HTTPS secure sockets protocol – just HTTP
  3. No Repository Write Protection – All can read and write

We all have to start somewhere. And this is as good a place as any.
