14

Currently I am using VisualSVN Server and it's only accessible on my home network. Eventually there will be others accessing it, but for now it's just me and I would like to be able to go down to the coffee shop (or wherever) and be able to work away from the house.

Currently I'm accessing the server at http://user-pc:xx/svn/Projects/. When I set up my router to forward port XX to my server, what steps should I take to secure the server?

Keep in mind that I am doing this on Windows and while I use the regular command prompt extensively, I haven't been on SVN very long and haven't used anything other than TortoiseSVN to work with it up to this point.

Edit: The only harmful thing an attacker could do, that I'm aware of, is to: guess my port number, username, and password to get into the repository. However as the saying goes, I don't know what I don't know.

So I'm not necessarily asking for step by step instructions (although I would certainly like to have that too) as much as what things I need to keep in consideration for any kind of attack that could be made once the port is open.

bahrep
Brandon Moore

3 Answers

8
  1. Use https on server side, not plain http (AuthType Basic is interceptable) or use Digest auth (have to configure Apache by hand)
  2. Use (free) CA-issued cert on server, not self-signed (you can use self-signed cert, but will have (?) to verify it by eye every time)
  3. Maintain up-to-date VisualSVN Server version (with fixes for possible problems in Apache and|or SVN itself)
  4. Enable logging in httpd.conf for security-audit (no logging by default in VisualSVN Server)
Lazy Badger
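
An added example (not part of the answer above and not VisualSVN Server code) of what the logging in item 4 makes possible: a Python script that flags clients with repeated 401 responses, the trace that password guessing leaves in the access log. It assumes the log is written in Apache's Common Log Format; the log lines, IP addresses, usernames and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache Common Log Format: %h %l %u %t "%r" %>s %b (assumed log format)
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample log: documentation IP ranges, made-up users and paths.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:09:14:01 +0000] "OPTIONS /svn/Projects HTTP/1.1" 401 381
192.0.2.10 - brandon [12/Mar/2024:09:14:02 +0000] "OPTIONS /svn/Projects HTTP/1.1" 200 188
203.0.113.7 - admin [12/Mar/2024:10:02:11 +0000] "PROPFIND /svn/Projects HTTP/1.1" 401 381
203.0.113.7 - admin [12/Mar/2024:10:02:12 +0000] "PROPFIND /svn/Projects HTTP/1.1" 401 381
203.0.113.7 - svn [12/Mar/2024:10:02:13 +0000] "PROPFIND /svn/Projects HTTP/1.1" 401 381
203.0.113.7 - brandon [12/Mar/2024:10:02:14 +0000] "PROPFIND /svn/Projects HTTP/1.1" 401 381
203.0.113.7 - brandon [12/Mar/2024:10:02:15 +0000] "PROPFIND /svn/Projects HTTP/1.1" 207 512
198.51.100.23 - root [12/Mar/2024:11:30:00 +0000] "GET /svn/ HTTP/1.1" 401 381
198.51.100.23 - root [12/Mar/2024:11:30:01 +0000] "GET /svn/ HTTP/1.1" 401 381
198.51.100.23 - root [12/Mar/2024:11:30:02 +0000] "GET /svn/ HTTP/1.1" 401 381
"""


def audit(lines, threshold=3):
    """Return {ip: report} for clients with at least `threshold` 401 responses.

    A single 401 followed by a success is normal: the SVN client first sends
    the request without credentials, then retries with them.
    """
    stats = defaultdict(
        lambda: {"failures": 0, "users": set(), "success_after_failures": False}
    )
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # skip blank lines and lines in another format
        entry = stats[m["ip"]]
        if m["status"] == "401":
            entry["failures"] += 1
            if m["user"] != "-":
                entry["users"].add(m["user"])  # username that was tried
        elif m["status"].startswith("2") and m["user"] != "-":
            # Authenticated success after many failures: check that account.
            if entry["failures"] >= threshold:
                entry["success_after_failures"] = True
    return {ip: e for ip, e in stats.items() if e["failures"] >= threshold}


if __name__ == "__main__":
    for ip, report in audit(SAMPLE_LOG.splitlines()).items():
        print(ip, report)
```
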
7
  1. Use good password strength to secure the VisualSVN server
  2. Use a higher port for the server e.g. 39517 instead of the default port 80 or 443. Makes it harder for an attacker to guess. The attacker would have to rely on a port scan.
  3. VisualSVN server will not allow anonymous access. You need to explicitly define users.
  4. Give user access only to people you know/trust.
One-One
0

I would recommend using ssh access to your svn server. I personally prefer public/private key authentication.

Even with that, desaivv's suggestions are also things that I would recommend.