Putting live board on an SVN repository? What do you think?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Post Reply
Yautja_cetanu
Registered User
Posts: 72
Joined: Wed Nov 24, 2004 3:23 pm

Putting live board on an SVN repository? What do you think?

Post by Yautja_cetanu »

We've got a bunch of people managing one live board. Its got a bunch of mods we've developed or we're tweaking (when trying to fix problems for example).

So we're thinking of putting the entire live board's files up in a SVN repository that would be publically available. Obviously we won't put anything in cache, files, stores, images or config.php. But is this an issue? Are there any security issues we haven't thought about?
User avatar
david63
Registered User
Posts: 18582
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: Putting live board on an SVN repository? What do you think?

Post by david63 »

phpbb.com does not support pre modded boards so if you were to do that then you would have to take on the responsibility of supporting any downloads for the rest of their life as well as ensuring that they were always updated to the current version - that would mean core files and mods.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
andrewbelcher
Registered User
Posts: 27
Joined: Sat Apr 30, 2005 11:11 am

Re: Putting live board on an SVN repository? What do you think?

Post by andrewbelcher »

Hey, I'm from the same boards... The idea isn't for people to download it pre-modded. The idea is that we can keep track of everything done to our live boards very easily, which would be useful as we develop our mods.

The problem is sourceforge (our SVN host) don't enable you to hide parts of the repositry, so they'd be live... The question is really are there any security problems with putting those files up there - does it pose any risk to data integrity or anything. The only files we could think might are config.php, /cache, /stores, /files and /images... Are there any others that put our boards at risk?
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Putting live board on an SVN repository? What do you think?

Post by Techie-Micheal »

I think it is very much a good idea, and have even suggested it in the past for people. :)

Personally, I wouldn't bother with worrying about /images (web accessible anyway), /files, I'd recommend having backups of rather than storing on SVN, and /store, don't worry about putting that in SVN as it contains SQL backups (if you choose to put backups there for temporary use ;)). /cache is more or less volatile, so I wouldn't worry about putting it in there. So that leaves config.php. You can have the svn:ignore property on it so it doesn't mess things up. Other than that, it is up to you. Personally, I wouldn't recommend using SF for this particular purpose. What happens if they get compromised? How are you going to verify your site's integrity? How are you going to verify your site's integrity if they have an hd failure or some other hardware failure (which has happened to SF on more than one occasion)?

Just some things to think about. :)
Proven Offensive Security Expertise. OSCP - GXPN
andrewbelcher
Registered User
Posts: 27
Joined: Sat Apr 30, 2005 11:11 am

Re: Putting live board on an SVN repository? What do you think?

Post by andrewbelcher »

Cheers, that's a really useful reply :)

We've been thinking about setting up an SVN repositry on our own server so that we can link in things like bug-trackers etc which SF don't support... But we'd decided against it as we thought it wasn't a good idea to have both our live version and our svn on the same server, due to the posibility of hard drive failures etc...

But thanks - we'll think about it :) Cheers! I do love the support of these forums!
User avatar
igorw
Former Team Member
Posts: 8024
Joined: Fri Dec 16, 2005 12:23 pm
Location: {postrow.POSTER_FROM}
Name: Igor Wiedler

Re: Putting live board on an SVN repository? What do you think?

Post by igorw »

Techie-Micheal wrote:and /store, don't worry about putting that in SVN as it contains SQL backups
I would be very worried if people got access to my SQL backups :o
Igor Wiedler | area51 | GitHub | trashbin | Formerly known as evil less than three
User avatar
A_Jelly_Doughnut
Former Team Member
Posts: 34457
Joined: Sat Jan 18, 2003 1:26 am
Location: Where the Rivers Run
Contact:

Re: Putting live board on an SVN repository? What do you think?

Post by A_Jelly_Doughnut »

Evil<3: Micheal meant "don't spend the effort to put /store/ in SVN", not "don't worry about the effects of putting /store/ in SVN"
A Donut's Blog
"Bach's Prelude (Cello Suite No. 1) is driving Indiana country roads in Autumn" - Ann Kish
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Putting live board on an SVN repository? What do you think?

Post by Techie-Micheal »

A_Jelly_Doughnut wrote:Evil<3: Micheal meant "don't spend the effort to put /store/ in SVN", not "don't worry about the effects of putting /store/ in SVN"
Yeah. :)
Proven Offensive Security Expertise. OSCP - GXPN
User avatar
igorw
Former Team Member
Posts: 8024
Joined: Fri Dec 16, 2005 12:23 pm
Location: {postrow.POSTER_FROM}
Name: Igor Wiedler

Re: Putting live board on an SVN repository? What do you think?

Post by igorw »

Ah, okay. That wasn't quite clear. My apologies :roll:
Igor Wiedler | area51 | GitHub | trashbin | Formerly known as evil less than three
Yautja_cetanu
Registered User
Posts: 72
Joined: Wed Nov 24, 2004 3:23 pm

Re: Putting live board on an SVN repository? What do you think?

Post by Yautja_cetanu »

Thanks for your advice

hmmm I always thought putting things on soruceforge would be safer then having our own SVN repository :S
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Putting live board on an SVN repository? What do you think?

Post by Techie-Micheal »

eviL<3 wrote:Ah, okay. That wasn't quite clear. My apologies :roll:
You should hear my double-speak. :D ;) :P Yeah, I'm not even sure how I came up with such a paragraph going back and reading it again. Sorry about that.
Proven Offensive Security Expertise. OSCP - GXPN
User avatar
Highway of Life
Former Team Member
Posts: 6048
Joined: Wed Feb 02, 2005 5:41 pm
Location: Seattle, WA
Name: David Lewis
Contact:

Re: Putting live board on an SVN repository? What do you think?

Post by Highway of Life »

Yautja_cetanu wrote:We've got a bunch of people managing one live board. Its got a bunch of mods we've developed or we're tweaking (when trying to fix problems for example).

So we're thinking of putting the entire live board's files up in a SVN repository that would be publically available. Obviously we won't put anything in cache, files, stores, images or config.php. But is this an issue? Are there any security issues we haven't thought about?
This is actually a really good idea and something I believe we may even implement for one of our sites (you get three guesses, and the first two don't count).
I don’t see anything wrong with images, but you might exclude /images/avatars/upload/ -- as your admins may want to contribute images to smilies, upload icons, post icons, ranks, or even gallery avatars.
The phpBB Weekly Podcast - Discussing the developments of phpBB4 and beyond.

New to phpBB3? Want to learn about programing?
Visit phpBB Academy at StarTrekGuide to learn how.
User avatar
GroovePlugs
Registered User
Posts: 90
Joined: Wed Sep 05, 2007 3:43 am
Contact:

Re: Putting live board on an SVN repository? What do you think?

Post by GroovePlugs »

andrewbelcher wrote:Hey, I'm from the same boards... The idea isn't for people to download it pre-modded. The idea is that we can keep track of everything done to our live boards very easily, which would be useful as we develop our mods.

The problem is sourceforge (our SVN host) don't enable you to hide parts of the repositry, so they'd be live... The question is really are there any security problems with putting those files up there - does it pose any risk to data integrity or anything. The only files we could think might are config.php, /cache, /stores, /files and /images... Are there any others that put our boards at risk?
We have our own svn repository that's hosted on a server protected by a SSL layer (login required), so it's not open to the public.
But all the developers have access to the SVN… in this case, it's safer as far as information being available to the public than sourceforge, google code or an open SVN repository.

It's pretty easy to setup an SVN if you have access to your server, otherwise there are a few places where you can get a Repository that is only viewable by those you specify.
GroovePlugs is now known as Handyman`
Post Reply

Return to “phpBB Discussion”