[SlugLUG] Remote SVN Security

[Eric Carter]

I'm planning to switch my hosting plan to Dreamhost.com, and I plan to use
their SVN setup. Currently I'm storing source code and all of the "My
documents" kind of stuff  in my local SVN repository. I use it to keep
recent versions of all my documents across multiple computers/OS's (although
not my entire home directory, since there's a lot of stuff in there that's
specific to each machine.)* As it is, the SVN is local to the LAN and fairly
obscure in the big scheme of things. I'm a little concerned that moving to a
web hosting provider that providers thousands of easily accessible SVN's
that I may be setting myself up as a slightly larger target for security
issues.

Dreamhost's sales staff has assured me that their repositories are safe for
sensitive data as long as I use https or svn:// tunneled over SSH. Does
anyone on the list disagree? Does anyone have any specific vulnerabilities I
should keep an eye out for? Or recommend any SVN security guides (I've
already googled a bit, but if you have a favorite, speak up)?

SVN has a fairly decent reputation for security if setup correctly, and it's
used to store lots of private code, but are there any things just about SVN
that I should keep in mind?

Thanks,
EC



*I'm fairly content with this solution, and don't have the time right now in
my life to implement something else, so no need to make suggestions on this
point, unless your suggestion both improves security and takes less than 30
minutes to setup.