Ben Collins-Sussman wrote:
> Hold on a second... let me summarize what I see happening in the code.
>
> The subversion auth system caches credentials on disk based on a
> 'realmstring' key. The caller of the auth system defines custom
> realmstring formats for each type of credential.
>
> In the case of http 'basic' auth, ra_dav creates a realmstring based
> on the host, port, and http-realm header, something like:
>
> "<http://svn.foo.net:8080> Frank's repository"
>
> We did this, of course, to help prevent spoofing.
>
> In the case of our new server-cert handling, ra_dav is simply using
> the entire ascii-ized server-cert as a realmstring key. As Joe points
> out, this is pretty darn spoofable.
No it's not, becuse Subversion will complain that the hostname does not
match the one in the cert. We have choosen to say that the cert is
authentic, not that we should accept any connecting using this
particular cert. Of course not, that would be immensly stupid.
I would still like to hear feedback on the updated mechanism I posted
earlier today, though. I'll code it up as soon as I get home.
/Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Sep 23 17:15:03 2003