Topic: Security: Subversion and Apache2

Adam35413
Joined: 13 Apr 2008 Posts: 3
Posted: Sun 13 Apr '08 23:46 Post subject: Security: Subversion and Apache2

I am new to Apache2 and Subversion, and I had a security-related question. Are there any security implications with having a SVN repository as my published Apache2 host directory? I would like to have SVN set up so that if a contributor commits a change, it will be reflected on my webserver when I do an update on the server directory.

tdonovan Moderator
Joined: 17 Dec 2005 Posts: 611 Location: Milford, MA, USA
Posted: Tue 15 Apr '08 15:56 Post subject:

I don't think you could really mean "having a SVN repository as my published apache2 host directory" - the Subversion repository itself doesn't have files in it that Apache can read.
Perhaps you mean to checkout a Subversion working copy, e.g.
    svn co {repositoryURL} \Apache2\htdocs
and then update this working copy periodically with:
    svn update \Apache2\htdocs
There should be no security issues using a Subversion working copy as your document root, presuming that you want to give your users read access to all the files in it.
Another possibility is that you plan to use the Apache modules mod_dav_svn and mod_authz_svn to allow access to your repository through Apache.
If you do it this way, be sure to follow the Apache Authentication and Authorization instructions in the "Version Control with Subversion" book.
-tom-

Adam35413
Joined: 13 Apr 2008 Posts: 3
Posted: Tue 15 Apr '08 17:17 Post subject:

Yes, I did mean a working copy, e.g. svn co. Thank you for the correction.
Ok, that is good to know. Thanks for the information! Being able to use the checked out code as my webpage will help a lot.

solsson
Joined: 22 Jan 2008 Posts: 2
Posted: Tue 15 Apr '08 20:47 Post subject:

If you have working copies inside document root you may want to use
<Location ~ ".*/\.svn.*">
Deny from all
</Location>
This stops access to the subversion client's metadata folder. Those folders are the only difference between "svn co" and "svn export".
It is also possible to use a repository for hosting static contents. If you configure a Location with mod_dav_svn, all files are accessible using plain GET. If you set proper svn:mime-type property values on html, js, css, and images, it works like checked out static contents.

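A way to audit a document root for the metadata folders described in the post above and confirm that the deny rule covers every file in them, as an added example that is not part of the original thread. The sample working-copy layout, file names and function names are constructed for illustration.

```python
import os
import re
import tempfile

# Regex copied from the <Location ~ "..."> block in the post above.
# Apache applies it as an unanchored search on the URL path.
SVN_DENY = re.compile(r".*/\.svn.*")

def url_paths(docroot):
    """Map every file under docroot to the URL path it would be served at."""
    paths = []
    for dirpath, _dirs, files in os.walk(docroot):
        rel = os.path.relpath(dirpath, docroot)
        prefix = "" if rel == "." else rel.replace(os.sep, "/") + "/"
        paths.extend("/" + prefix + name for name in files)
    return sorted(paths)

def audit(docroot):
    """Split served paths into Subversion metadata and ordinary content,
    and report which metadata paths the deny rule would NOT cover."""
    metadata, content = [], []
    for p in url_paths(docroot):
        (metadata if ".svn" in p.split("/") else content).append(p)
    uncovered = [p for p in metadata if not SVN_DENY.search(p)]
    blocked_content = [p for p in content if SVN_DENY.search(p)]
    return {"metadata": metadata, "uncovered": uncovered,
            "blocked_content": blocked_content}

def build_sample_docroot(root):
    """Constructed working-copy layout (pre-1.7 style: a .svn dir per folder)."""
    for rel in ("index.html", ".svn/entries",
                ".svn/text-base/index.html.svn-base",
                "inc/db.php", "inc/.svn/entries",
                "inc/.svn/text-base/db.php.svn-base"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit(root)

if __name__ == "__main__":
    report = run_demo()
    print("metadata files under document root:", len(report["metadata"]))
    for p in report["uncovered"]:
        print("NOT covered by deny rule:", p)
```

Calling audit() on a real document root lists what the deny rule has to protect; a tree deployed with "svn export" yields an empty metadata list.
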
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Tue 15 Apr '08 21:20 Post subject:

A simple working example
httpd.conf (or include)
Code:
<Location /svn/>
DAV svn
SVNListParentPath on
SVNParentPath /Repositories/
SVNIndexXSLT "/svnindex.xsl"
SVNPathAuthz on
AuthzSVNAccessFile "C:/Repositories/authz"
AuthName "Subversion Repositories"
AuthType Basic
AuthUserFile "C:/Repositories/htpasswd"
require valid-user
</Location>

authz
Code:
#[main:/]
#* = r
#username = rw
# Read-only access for all authenticated users; read/write access for mario
[/]
* = r
mario = rw

The htpasswd is a normal Apache user/password file
Mario