From: Daniel Carrera
Subject: Re: [Monotone-devel] db kill_rev_locally
Date: Sun, 12 Oct 2008 01:36:31 +0200
User-agent: Thunderbird 2.0.0.17 (Macintosh/20080914)

Ethan Blanton wrote:

> Yeah, our emails crossed; I didn't realize you were trying to optimize for ssh serving of monotone databases. Serving a monotone database over ssh is not really a solution, it has a number of drawbacks (mostly stemming from the fact that monotone is really Not Very Good at sharing database access).

It certainly has drawbacks, but AFAIK it is the only way.

> If you have to serve through ssh, you'd be much better off starting a netsync server somewhere on a localhost port, and tunneling that port through ssh. That will take care of both concurrency and your security concerns in a much cleaner fashion.

How do you do that? I'm interested to hear more. What kind of access do you need to do this? Can you do it if you are an unprivileged user? If you can, that would be really neat. Are there any drawbacks to your solution? (e.g. what if the server reboots? Can you set up a cron job to check that the netsync server is up?).

I'm writing an informal paper on Monotone security (following the one from David A. Wheeler). I would like to add a section on how to set up Monotone through SSH to get the optimal security. I would be happy to share this paper if anyone finds it interesting.

Cheers, Daniel.
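
The setup suggested in the quoted reply (a netsync server on a localhost port, reached through an ssh tunnel) can be kept alive from an unprivileged account with a cron-driven watchdog. The script below is an added example, not part of the original message or of anyone's configuration in the thread; the file paths, the script name, the host `server.example` and the branch pattern are assumed values.

```sh
#!/bin/sh
# Added example: keep a loopback-only netsync server running from an
# unprivileged account. Paths, branch pattern and host are assumed values.
MTN_BIN="${MTN_BIN:-mtn}"
MTN_DB="${MTN_DB:-$HOME/project.mtn}"
BIND_ADDR="${BIND_ADDR:-127.0.0.1:4691}"   # 4691 is netsync's default port
PIDFILE="${PIDFILE:-$HOME/.netsync.pid}"
LOGFILE="${LOGFILE:-$HOME/.netsync.log}"

# Succeeds only if the pidfile holds a numeric PID of a live process.
# kill -0 cannot tell a recycled PID from the server, so clear the pidfile
# at boot if the machine may reuse that PID for something else.
netsync_running() {
    [ -s "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    kill -0 "$pid" 2>/dev/null
}

# Start the server if it is not already up. Binding to 127.0.0.1 keeps the
# port off the network, so remote users can reach it only through ssh.
ensure_netsync() {
    if netsync_running; then
        return 0
    fi
    umask 077    # pidfile and log readable by this account only
    nohup "$MTN_BIN" --db="$MTN_DB" serve --bind="$BIND_ADDR" \
        >>"$LOGFILE" 2>&1 &
    echo "$!" >"$PIDFILE"
}

# crontab entry (every five minutes):
#   */5 * * * * $HOME/bin/netsync-watchdog.sh run
# Client side, with the tunnel left open in another terminal:
#   ssh -N -L 4691:127.0.0.1:4691 user@server.example
#   mtn --db=work.mtn sync localhost 'com.example.project*'
if [ "${1:-}" = "run" ]; then
    ensure_netsync
fi
```

Under cron `mtn serve` cannot prompt for the server key's passphrase, so it has to be supplied non-interactively, for example through monotone's `get_passphrase` hook. A loopback port is reachable by every local account on the server, so netsync's own key-based permissions still decide who may read or write.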