
Re: cvs.debian.org problem



On Thu, Jan 30, 2003 at 11:58:59PM -0500, Matt Zimmerman wrote:

> Currently, the only secure access method for subversion is to use a local
> repository.  cvs can be quite reasonably secured using rsh-tunneled
> operation with ssh, while the only network option for subversion is https,
> and subversion does not verify server certificates, leaving the door open
> for a man-in-the-middle attack.

For network access, subversion uses WebDAV (with DeltaV) which is an
extension of HTTP specifically designed to also work with HTTPS and proxies
and such. As such, it is as secure from attacks such as man-in-the-middle as
the SSL implementation. Subversion is also self-hosting, using WebDAV, over
HTTP. WebDAV is RFC 2518, HTTP Extensions for Distributed Authoring. The V
was originally for Versioning, but it was separated into RFC 3253. Both
WebDAV and DeltaV are true extensions to HTTP in that they don't change the
semantics of existing HTTP commands.

subversion: subversion.tigris.org
WebDAV & DeltaV: www.webdav.org

> > My assumption and understanding was that svn was better (i.e. more
> > restrictive) about this.

> I believe it is possible with subversion to grant meaningful read-only
> repository access, which would be better than what pserver gives you for
> anonymous users.

It is. In fact, subversion's 'read-only' access through WebDAV is simply
'HTTP' :) The 'properties' and 'history' features are of course only
available to real WebDAV/DeltaV/subversion clients, but even then you don't
have to support everything. You can always browse the trunk by using a
simple web browser:

http://svn.collab.net/repos/svn/trunk/

Just like you can always get the properties attached to files using a WebDAV
client:

debian:~ > cadaver http://svn.collab.net/repos/svn/trunk/
Looking up hostname... Connecting to server... connected.
dav:/repos/svn/trunk/> propget BUGS
Fetching properties for `BUGS': (reconnecting...done)
eol-style = native
resourcetype =
getcontentlength = 4291
getcontenttype = text/plain
getetag = "4371//trunk/BUGS"
creationdate = 2003-01-13T22:43:13.497183Z
getlastmodified = Mon, 13 Jan 2003 22:43:13 GMT
[...etc...]

(and that's all without write access.) DeltaV is the WebDAV extension for
versioning, and also works transparently: if you use a WebDAV client that
doesn't know about versioning (such as cadaver or MS Office, for example) to
store data in a WebDAV/DeltaV (or subversion) repository, it will get
treated as a normal add/commit. (Provided you have write access, of course.)

I don't think the HTTP server needs write access to the repository (which is
a transactioned berkeley db file) at all (for read-only operation), so you
could set up a 'read-only' WebDAV/subversion server and do modifications
using a different WebDAV server, or using the local-client or ssh-tunnelling
method. If you're really paranoid (which is good), you can set up the
readonly server on a different machine and just rsync the repository every
now and then.

Oh, and there are tools to convert CVS repositories to subversion, while
retaining logs and dates.

-- 
Thomas Wouters <thomas@xs4all.net>

Hi! I'm a .signature virus! copy me into your .signature file to help me spread!
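The PROPFIND exchange behind the cadaver `propget` shown above, as an added example (not code from this mail or from Subversion): it turns a 207 Multi-Status reply into the `name = value` pairs cadaver prints, and the network helper only speaks HTTPS with the default context, which verifies the server certificate and hostname, the check the first quoted paragraph says the Subversion client of the time lacked. The sample reply is constructed and modelled on the output in the mail.

```python
import http.client
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# allprop request body, the same kind of request cadaver's propget sends (RFC 2518, PROPFIND)
PROPFIND_BODY = b'<?xml version="1.0"?><D:propfind xmlns:D="DAV:"><D:allprop/></D:propfind>'

def parse_multistatus(xml_bytes):
    """207 Multi-Status body -> {href: {prop_name: value}}; only propstats
    reporting 200 are kept, so a 404 for an absent property is dropped."""
    result = {}
    for response in ET.fromstring(xml_bytes).iter("{DAV:}response"):
        href = response.findtext("{DAV:}href", default="")
        props = {}
        for propstat in response.findall("{DAV:}propstat"):
            if " 200 " not in propstat.findtext("{DAV:}status", default=""):
                continue
            for prop in propstat.findall("{DAV:}prop/*"):
                name = prop.tag[6:] if prop.tag.startswith("{DAV:}") else prop.tag
                # resourcetype holds child elements (e.g. <D:collection/>), not text
                props[name] = ",".join(c.tag for c in prop) if len(prop) else (prop.text or "").strip()
        result[href] = props
    return result

def propfind(url, depth=0, timeout=10.0):
    """PROPFIND over HTTPS only; ssl.create_default_context() verifies the server
    certificate chain and hostname, so a forged certificate raises ssl.SSLError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing plaintext HTTP: properties could be altered in transit")
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                       context=ssl.create_default_context(), timeout=timeout)
    conn.request("PROPFIND", parts.path or "/", body=PROPFIND_BODY,
                 headers={"Depth": str(depth), "Content-Type": "text/xml"})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    if resp.status != 207:
        raise RuntimeError(f"expected 207 Multi-Status, got {resp.status}")
    return parse_multistatus(body)

# Constructed 207 reply modelled on the cadaver output in the mail; not captured from a live server.
SAMPLE_207 = b"""<?xml version="1.0"?>
<D:multistatus xmlns:D="DAV:"><D:response><D:href>/repos/svn/trunk/BUGS</D:href>
 <D:propstat><D:prop><D:resourcetype/><D:getcontentlength>4291</D:getcontentlength>
  <D:getcontenttype>text/plain</D:getcontenttype><D:getetag>"4371//trunk/BUGS"</D:getetag>
  </D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat>
 <D:propstat><D:prop><D:lockdiscovery/></D:prop><D:status>HTTP/1.1 404 Not Found</D:status></D:propstat>
</D:response></D:multistatus>"""
```

`parse_multistatus(SAMPLE_207)` yields the `getcontentlength = 4291` / `getetag = "4371//trunk/BUGS"` pairs from the mail, with the 404-status `lockdiscovery` entry left out.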


