Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to firstname.lastname@example.org.
> They have a hosted web server that's reasonably well backed up and on a ... > The project sponsor is concerned about theft of his source code, and I won't host a repository on the same machine acting as a web server, if concerned about code theft. A web server opens an attack surface - you can harden the CVS protocol as you like, but if the web server or a web application is compromised, and the attacker gains access to the file system with enough privileges, your code could be gone anyway. >adding a domain controller or joining the server into an existing domain >have been ruled out for paranoia reasons. May be correct. Usually is better that machines in perimeter networks (i.e. DMZs) are not part of a domain in internal networks - many ports have to be opened in a firewall to make AD work, and a compromised machine may have access to too many domain resources - anyway they become a bridgehead for further attacks. Usually they have their own domain, or are configured as standalone servers. In Windows 2000 and 2003, the domain *is not* a security boundary. The forest is. > They also have 3 people who need access to this repository Given the small number of people needing access, IMHO you don't need a public machine. I would put the repository on a machine in the company's internal network and use a VPN to access it. On the Internet side the CVS protocol used is irrelevant, the VPN itself encrypts the transmission. -- LDS