Access control on loggerhead?

Asked by Benjamin Rister on 2008-07-27

Maybe I'm missing something obvious, but I don't see any way to control access to the bzr repository information in loggerhead. In our old svn-based system, we just used standard Apache access control, but loggerhead runs its own server, so that's out, and I don't see any support for explicit access control either.

This may be fine for open source stuff, but we'd both like our developers to be able to access it from anywhere and also not expose all of our source to anybody with a web browser. Is this really just not supported?

Thanks,
Ben Rister

Question information

Language:
English Edit question
Status:
Solved
For:
loggerhead Edit question
Assignee:
No assignee Edit question
Solved by:
Benjamin Rister
Solved:
2008-08-01
Last query:
2008-08-01
Last reply:
2008-08-01

Generally, I would recommend running loggerhead behind Apache, then doing access control in Apache.

Benjamin Rister (bdrister) said : #2

I assume you mean having Apache proxy it (from the README)? That'd only stop anybody who voluntarily goes through Apache, and loggerhead's still happily serving everything up to anybody who asks it directly.

We can firewall off that port, but it still seems...fragile. But if that's the best solution, I guess I'll check with the web admin and see what all can be done to lock that off.

Thanks.

Um, yes, that's a good point. You can -- currently only by changing the source -- have loggerhead only bind to localhost, which would also have the desired effect.

(I guess I'm used to 'closed by default' environments)

I would also like to see a feature like this, since nobody wants to setup a apache...

If the access control is as simple as "only allow access to loggerhead at all" for certain people, I can probably release my open-id based access control.

Luis Montiel (luismmontielg) said : #6

is there any sources on how-to get this? Any guide or documentation? I would like to have something like
"only allow access to loggerhead at all" as Michael said

Thanks