authenticate against a local htpasswd file has a hole?

One of the groups that I work with remotely has set up Subversion Edge, which mirrors our Subversion repositories (note that we do not use Subversion Edge). Our Subversion uses LDAP authentication. Subversion Edge is using a local htpasswd file for authentication.

I am able to access all the repositories in the remote location just by using https://xx.xx.xx.xx/svn/reponame without being prompted for any user name or password. Is this a hole? How can I fix this? I want only a valid user to be able to read/write.

Thanks in advance

1 answer

Lazy Badger

Is this a hole?

No. I think it's just a lazy SVN admin, who didn't configure the auth part properly and allowed anonymous reading.

Satisfy Any must be removed from the SVN <Location> in httpd.conf; only Require valid-user must be present.
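A way to check a configuration for the condition described in the answer, as an added example that is not part of the original answer. The sample config is constructed, its paths are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample: an SVN <Location> that lets anonymous clients in,
# then the corrected form from the answer. Paths are placeholders.
SAMPLE_CONF = """\
<Location /svn/>
  DAV svn
  AuthType Basic
  AuthName "Subversion"
  AuthUserFile /path/to/htpasswd
  Satisfy Any
  Require valid-user
</Location>

<Location /svn-fixed/>
  DAV svn
  AuthType Basic
  AuthName "Subversion"
  AuthUserFile /path/to/htpasswd
  Require valid-user
</Location>
"""
LOCATION_RE = re.compile(r"<Location\s+([^>]+)>(.*?)</Location>", re.S | re.I)

def directives(body):
    """Yield (name, args) per directive, lower-cased, skipping comments."""
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *rest = line.split(None, 1)
            yield name.lower(), " ".join(rest).lower()

def audit(conf_text):
    """Return {location_path: [findings]} for every 'DAV svn' location."""
    report = {}
    for path, body in LOCATION_RE.findall(conf_text):
        d = list(directives(body))
        if ("dav", "svn") not in d:
            continue  # not a Subversion location
        findings = []
        # Satisfy Any admits a request if host rules OR authentication pass.
        if ("satisfy", "any") in d:
            findings.append("Satisfy Any present")
        if ("require", "valid-user") not in d:
            findings.append("Require valid-user missing")
        report[path.strip()] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

After changing the real configuration and reloading Apache, an unauthenticated request to the repository URL should return HTTP 401 rather than the repository listing.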