问题
If I am storing my source code in SVN on a shared hosting company, would it be possible to encrypt the content so EVEN if someone does have access to the repo they can't see the source in plain view?
Is there a plugin for this? Otherwise I'd imagine it would be crazy implementing this oneself!
回答1:
The correct answer here is either:
- Find a hosting provider you trust (or one that is compliant if regulatory issue are the problem)
- Host it yourself
If the main concern is having a secure offsite backup, host the repository yourself and use someplace like rsync.net to handle the backup (they are SOX/HIPAA compliant). A cron job that rsyncs everything every 15 minutes should be sufficient. The cron job can encrypt your backup before pushing it. Just don't lose the keys/passwords.
This way Subversion doesn't need to know anything at all about your encryption scheme, and you can go about your work without having to worry about paranoia getting in the way of productivity.
Addenda:
Since you're doing shared hosting, and shared hosts are worthless: Get a dedicated source control host. Do not ever use a shared host for source control. Shared hosts are notorious for losing data and making false claims about data security and backups. Good examples of dedicated source control hosts: CVSDude, Beanstalk, GitHub
回答2:
It's old but i find other solution for this and may help others.
Today you can get some Virtual Provate Servers (VPS) very cheap. ($5/month)
Why VPS? You can install what you want! (Bob Aman's answer have a very good point about shared hosts security)
- Install TrueCrypt or other encryption system.
- Install SVN
- Create the SVN repository into the TrueCrypt Drive/File
- Configure SVN to use a SSH or other secure Data Transfer method.
I configured everything with THIS article: http://cinserely.blogspot.com.br/2010/10/creating-encrypted-subversion.html
How to (4.) http://tortoisesvn.net/sasl_howto.html
回答3:
Mathew's post is for an encrypted filesystem which the hosting provider would have to provide. That's probably the only easy way to do it.
回答4:
The plugin you would like to have would have to be on the client side (Obviously if you do not trust people having access to the hosted repository). Any strong cryptographic algorithm generates big variations in the output from very similar input (due to their high entropy).
That means even if you would have a solution:
- it would be a disaster in terms of performance, both computation time and storage space requirements and network bandwidth use, and
- a disaster in feature loss: server side diffs would be broken for example, you would have to make all operations on the completely decrypted files on the client side.
Weak encryption (mangling the charset for example, that would make diffs usable again) is not safe especially with source code, where braces and brackets and from there loops and any other letters can be extremely quickly decoded.
I hope this proves that going this way is not leading to any possible practical solution. Maybe I am missing something. I am looking forward to reading interesting comments on my answer! :-)
来源:https://stackoverflow.com/questions/1402471/is-it-possible-to-encrypt-the-content-stored-in-svn