We plan to migrate our SVN server from the LAN to the Internet.
We need to convince our management that our setup is secure enough.
Is there any SVN server security scanning tool to check the security level of our SVN server?
Thanks. We are using Windows.
Using Nessus or OpenVAS (a more free version of Nessus), it is easy to test for known vulnerabilities in all daemon processes running on a server (like SSH, Apache or SVN). Load up Nessus or OpenVAS, set the target as your SVN server and enable all plugins. Should take about 15 minutes and it will give you a detailed report.
The most secure way to use SVN over the open internet is svn+ssh, authenticating with SSH keys instead of passwords. However, this requires you to set up keys for every developer. Throwing usernames/passwords and source code over the internet in plain text is a (!!!!)EXTREMELY(!!!!) bad idea. At the very least you must make sure you use SVN+HTTPS with a real certificate, which will cost you ~$30 a year. Disable HTTP altogether; you don’t want a developer to accidentally connect via HTTP.
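
An added example, not part of the original answer: the HTTPS-only baseline described above, as an Apache 2.4 + mod_dav_svn configuration with the plain-HTTP setting shown commented out beside the corrected one. The host name, repository path, certificate paths and password file are placeholders, and the standard auth modules are assumed to be loaded already.

```apache
# Constructed example: svn.example.com and all C:/ paths are placeholders.

# Weak setting (remove this): a plain-HTTP listener that serves the repository,
# so credentials and source code cross the internet unencrypted.
#   Listen 80
#   <VirtualHost *:80>
#       <Location /svn>
#           DAV svn
#           SVNParentPath "C:/svn/repos"
#       </Location>
#   </VirtualHost>

# Corrected: TLS is the only listener, so there is no HTTP endpoint
# for a developer to connect to by accident.
LoadModule ssl_module     modules/mod_ssl.so
LoadModule dav_module     modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so

Listen 443 https

<VirtualHost *:443>
    ServerName svn.example.com

    SSLEngine on
    # Certificate issued by a CA that the developers' SVN clients already trust.
    SSLCertificateFile    "C:/Apache24/conf/ssl/svn.example.com.crt"
    SSLCertificateKeyFile "C:/Apache24/conf/ssl/svn.example.com.key"

    <Location /svn>
        DAV svn
        SVNParentPath "C:/svn/repos"

        # Defence in depth: refuse any request to this location that is not over TLS.
        SSLRequireSSL

        # Basic auth is acceptable here only because the transport is encrypted.
        AuthType Basic
        AuthName "Subversion"
        AuthUserFile "C:/svn/conf/htpasswd"
        Require valid-user
    </Location>
</VirtualHost>
```

Run `httpd -t` to check the syntax before restarting; afterwards a connection to port 80 on the server should be refused, which is also what the Nessus/OpenVAS port scan should report.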