[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] db kill_rev_locally

From: Ethan Blanton
Subject: Re: [Monotone-devel] db kill_rev_locally
Date: Sat, 11 Oct 2008 19:05:19 -0400
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

Daniel Carrera spake unto us the following wisdom:
>> In general, yes, audit trails are great -- but make sure your
>> prevention and detection match the threat model you're supposing.
> See my last email. There are standard ways to avoid modification of the  
> database file through anything but 'mtn'.

Yeah, our emails crossed; I didn't realize you were trying to optimize
for ssh serving of monotone databases.

Serving a monotone database over ssh is not really a solution, it has
a number of drawbacks (mostly stemming from the fact that monotone is
really Not Very Good at sharing database access).  If you have to
serve through ssh, you'd be much better off starting a netsync server
somewhere on a localhost port, and tunneling that port through ssh.
That will take care of both concurrency and your security concerns in
a much cleaner fashion.

Of course, you can also build a modified monotone binary to simply not
offer most of the 'db' commands.


The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
                -- Cesare Beccaria, "On Crimes and Punishments", 1764

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]