[Trac] Trac Security

[Alain]

The last thread bout authentication brought some security issues to my 
attention:

How safe is it to allow access to corporate source code in the internet 
based on user autentication and user's rights?

This comes from using the same system for subversion browsing only 
devellopers) and wiki+tickets (accessed by all support personel).

I am reffering to possible security bugs both in Trac and in the 
infrastructure used. Assuming that passwords are good and kept secret.

What is recomended 1)Apache or 2)standalone possibly with some SSL tunnel?

Thanks,
Alain