Protected/secure SVN

[D Ste <dj...@gmail.com>]

Hi,

I would like to set up SVN to store confidential documents.
I have secured the pipe communication with HTTPS/SSL.  To avoid
unauthorized users (even with root access) accessing documents from within
the server, I would like to protect the SVN linux folder/files with
encryption.

Are there any ways to secure the SVN using protected folders or encryption?
So only authorized users can access these confidential documents.

Thanks in advance for your helps.

RE: Protected/secure SVN

["Grierson, David" <Da...@sky.uk>]

If a user has root access to your host then nothing is going to be completely secure on that host.

The encryption key could potentially be read from memory or the resulting decrypted repository contents from memory.

If you don't trust your root users then you've got bigger problems regarding the storage of contents on that host.

Dg.
________________________________
--
David Grierson - SDLC Tools Specialist
Sky Broadcasting - Customer Business Systems - SDLC Tools
Email: david.grierson@sky.uk
Watermark Building, Alba Campus, Livingston, EH54 7HH


From: D Ste [mailto:djiratest@gmail.com]
Sent: 12 May 2015 13:30
To: users@subversion.apache.org
Subject: Protected/secure SVN

Hi,

I would like to set up SVN to store confidential documents.
I have secured the pipe communication with HTTPS/SSL.  To avoid unauthorized users (even with root access) accessing documents from within the server, I would like to protect the SVN linux folder/files with encryption.

Are there any ways to secure the SVN using protected folders or encryption? So only authorized users can access these confidential documents.

Thanks in advance for your helps.

Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of Sky plc and Sky International AG and are used under licence. Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of Sky plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.

Re: Protected/secure SVN

[jb...@icloud.com]

> On May 12, 2015, at 8:45 AM, jblist@icloud.com wrote:
> 
> 
>> On May 12, 2015, at 5:30 AM, D Ste <dj...@gmail.com> wrote:
>> 
>> Hi,
>> 
>> I would like to set up SVN to store confidential documents. 
>> I have secured the pipe communication with HTTPS/SSL.  To avoid unauthorized users (even with root access) accessing documents from within the server, I would like to protect the SVN linux folder/files with encryption.   
>> 
>> Are there any ways to secure the SVN using protected folders or encryption? So only authorized users can access these confidential documents. 
>> 
>> Thanks in advance for your helps.
>> 
> 
> 
> You could encrypt the documents before commiting them into the repository, but that would eliminate the benefit of storing deltas and being able to perform comparisons between revisions even for authorized users.
> 
> For file-level encryption, I would recommend something like GnuPG. You would need to build into your workflow the encryption/decryption steps from within your working copies. It will be cumbersome at best.
> 
> 


Also, even if there were a server-side encryption possible, the encryption key would need to be stored on the server itself. Since you are in a situation where you cannot trust your system administrators, who would have access to the key as well, your purpose would be defeated by such a configuration. Therefore, you are limited to client-side encryption. To avoid the other problems of shared-key encryption systems, your best bet is asymmetric encryption.

Re: Protected/secure SVN

[jb...@icloud.com]

> On May 12, 2015, at 5:30 AM, D Ste <dj...@gmail.com> wrote:
> 
> Hi,
>  
> I would like to set up SVN to store confidential documents. 
> I have secured the pipe communication with HTTPS/SSL.  To avoid unauthorized users (even with root access) accessing documents from within the server, I would like to protect the SVN linux folder/files with encryption.   
>  
> Are there any ways to secure the SVN using protected folders or encryption? So only authorized users can access these confidential documents. 
>  
> Thanks in advance for your helps.
>  


You could encrypt the documents before commiting them into the repository, but that would eliminate the benefit of storing deltas and being able to perform comparisons between revisions even for authorized users.

For file-level encryption, I would recommend something like GnuPG. You would need to build into your workflow the encryption/decryption steps from within your working copies. It will be cumbersome at best.

Re: Protected/secure SVN

[Nico Kadel-Garcia <nk...@gmail.com>]

On Tue, May 12, 2015 at 8:30 AM, D Ste <dj...@gmail.com> wrote:
> Hi,
>
> I would like to set up SVN to store confidential documents.
> I have secured the pipe communication with HTTPS/SSL.  To avoid unauthorized
> users (even with root access) accessing documents from within the server, I
> would like to protect the SVN linux folder/files with encryption.

Thee are a stack of problem not unique to Subversion:

1) Whoever has your backups owns your content. This can be reduced
with encrypted filesystems and encrypted backups, but it's a basic
service side problem.
2) Subversion clients still save passphrases by default, with no way
for the server to force clients to use mandatory password entry or
force client-side wallet based encryption. Until and unless someone
gets something working like multi-user svn+ssh based access with
Kerberos tickets, or wields genuine Kerberos tickets into svnserve or
enforces Kerberos ticket use for Apache access, almost all setups will
leave you vulnerable to clients storing credentials poorly. Even SSH
key based or SSL key based access doesn't solve this problem, because
clients can and will store their credentials without protections, no
matter what you tell them and no matter what you have them sign.
3) Actually storing encrypted files in SVN will inevitably mean
storing binaries. Each small change in such a file will inevitably
involve a large difference form the previously stored encrypted file,
meaining a lot of resources for every change. and Subversion is
*horrible* about expiring old, unwanted files. The "svn obliterate" is
one of the most requested features, and has been consistently rejected
since..... well, since its first releases over a decade ago.

> Are there any ways to secure the SVN using protected folders or encryption?
> So only authorized users can access these confidential documents.
>
> Thanks in advance for your helps.

Yes, but there are limits. Be aware of them.