[svnbook] r4236 committed - * en/book/ch06-server-configuration.xml...

svnbook at googlecode.com
Tue Dec 20 11:01:38 CST 2011

Revision: 4236
Author:   cmpilato at gmail.com
Date:     Tue Dec 20 09:01:19 2011
Log:      * en/book/ch06-server-configuration.xml
   Some random improvements: clarify svn+ssh:// security issue, fix/add
   links, clarify man-in-the-middle attack scope.

Patch by: danielsh
           (Tweaked by me.)


--- /trunk/en/book/ch06-server-configuration.xml	Tue Nov  8 08:54:48 2011
+++ /trunk/en/book/ch06-server-configuration.xml	Tue Dec 20 09:01:19 2011
@@ -1365,9 +1365,13 @@
          simply setting <literal>auth-access = read</literal>
          or <literal>auth-access = none</literal>.<footnote><para>Note
          that using any sort of <command>svnserve</command>-enforced
-        access control at all is a bit pointless; the user already has
-        direct access to the repository
-        database.</para></footnote></para>
+        access control at all only makes sense if the users cannot
+        bypass it and access the repository directory directly using
+        other tools (such as <command>cd</command> and
+        <command>vi</command>); implementing
+        such restrictions is described in
+        <xref linkend="svn.serverconfig.svnserve.sshtricks.fixedcmd"
+        />.</para></footnote></para>

        <para>You'd think that the story of SSH tunneling would end
          here, but it doesn't.  Subversion allows you to create custom
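
Review bot: in the added footnote text, <command>cd</command> and <command>vi</command> as the examples of "other tools" make the bypass sound like casual browsing of the directory. The same filesystem access lets a user point Subversion's own tools at the repository directory (a file:// URL, for instance), which skips the auth-access settings entirely, so I'd name that case alongside or instead of vi. It would also help to say that the restriction in the linked fixedcmd section has to cover every account that can reach the directory, since one unrestricted login is enough to make the footnote's condition false.
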
@@ -1608,7 +1612,7 @@
        excellent documentation, publicly available on their web site at
        <ulink url="http://httpd.apache.org"/>.  For example, a general
        reference for the configuration directives is located at
-      <ulink url="http://httpd.apache.org/docs-2.0/mod/directives.html"
+      <ulink url="http://httpd.apache.org/docs/current/mod/directives.html"

      <para>Also, as you make changes to your Apache setup, it is likely
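
Review bot: the new URL on the + line points at docs/current, which follows whichever httpd release is newest, where the old one was pinned to the 2.0 documentation. If the chapter's configuration examples are written against a particular httpd version, readers will eventually land on a directive reference that does not match it; either pin the link to the version the chapter targets or add a few words to the sentence saying the link tracks the latest release.
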
@@ -2413,7 +2417,9 @@
          <para>It's beyond the scope of this book to describe how to
            generate client and server SSL certificates and how to
            configure Apache to use them.  Many other references,
-          including Apache's own documentation, describe the  
+          including Apache's own documentation (<ulink
+          url="http://httpd.apache.org/docs/current/ssl/"/>),
+          describe the process.</para>

            <para>SSL certificates from well-known entities generally
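
Review bot: style point on the first two + lines: the ulink start tag is broken right after the element name, so the name and its url attribute sit on different lines, while the other ulinks visible in this diff keep "ulink url=" together and break only before the closing "/>". It is valid XML, but I'd reflow so the element name and attribute stay on one line (move "(" and the whole tag to the next line) to match the surrounding markup and keep the URL easy to grep.
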
@@ -2422,7 +2428,8 @@
              tool such as OpenSSL (<ulink url="http://openssl.org"
              />).<footnote><para>While self-signed certificates are
              still vulnerable to a <quote>man-in-the-middle</quote>
-            attack, such an attack is much more difficult for a casual
+            attack (before a client sees the certificate for the first
+            time), such an attack is much more difficult for a casual
              observer to pull off, compared to sniffing unprotected
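
Review bot: the added parenthetical "(before a client sees the certificate for the first time)" reads as if the exposure ends as soon as the certificate has been seen once. That only holds when the user actually verified the certificate on that first connection and the client stored it; if it was accepted without checking, or a later "certificate changed" prompt is accepted the same way, the window stays open. I'd reword along the lines of "unless the client has already verified and stored the server's certificate", and move the qualifier out of the middle of "attack, such an attack" so the sentence does not stall on it.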
