loggerhead

Access control on loggerhead?

Asked by Benjamin Rister

Maybe I'm missing something obvious, but I don't see any way to control access to the bzr repository information in loggerhead. In our old svn-based system, we just used standard Apache access control, but loggerhead runs its own server, so that's out, and I don't see any support for explicit access control either.

This may be fine for open source stuff, but we'd both like our developers to be able to access it from anywhere and also not expose all of our source to anybody with a web browser. Is this really just not supported?

Thanks,
Ben Rister

Question information

Language:
English Edit question
Status:
Solved
For:
loggerhead Edit question
Assignee:
No assignee Edit question
Solved by:
Benjamin Rister
Solved:
Last query:
Last reply:
Revision history for this message
Michael Hudson-Doyle (mwhudson) said : 		#1

Generally, I would recommend running loggerhead behind Apache, then doing access control in Apache.

Revision history for this message
Benjamin Rister (bdrister) said : 		#2

I assume you mean having Apache proxy it (from the README)? That'd only stop anybody who voluntarily goes through Apache, and loggerhead's still happily serving everything up to anybody who asks it directly.

We can firewall off that port, but it still seems...fragile. But if that's the best solution, I guess I'll check with the web admin and see what all can be done to lock that off.

Thanks.

Revision history for this message
Michael Hudson-Doyle (mwhudson) said : 		#3

Um, yes, that's a good point. You can -- currently only by changing the source -- have loggerhead only bind to localhost, which would also have the desired effect.

(I guess I'm used to 'closed by default' environments)

Revision history for this message
Papadakos Panagiotis (papadako) said : 		#4

I would also like to see a feature like this, since nobody wants to setup a apache...

Revision history for this message
Michael Hudson-Doyle (mwhudson) said : 		#5

If the access control is as simple as "only allow access to loggerhead at all" for certain people, I can probably release my open-id based access control.

Revision history for this message
Luis Montiel (luismmontielg) said : 		#6

is there any sources on how-to get this? Any guide or documentation? I would like to have something like
"only allow access to loggerhead at all" as Michael said

Thanks