Hi Kenneth!
>From: Kenneth Porter <shiva@sewingwitch.com>
>To: dev@subversion.tigris.org
>Subject: Re: Feature request: Disable ssl prompting in "servers" for better
>security
>Date: Mon, 20 Dec 2004 18:22:20 -0800
>
>--On Tuesday, December 21, 2004 2:13 AM +0000 Tom Martin
><tommartin687@hotmail.com> wrote:
>
>>it seems that there is a difference of subversion to many other
>>applications: With subversion you typically have much more sessions than
>>with other applications. For example, when using ssh you typically login,
>>and then have a longer session. When using svn, every single svn command
>>is a new session. This makes it much more likely to simply click warning
>>messages away.
>
>How is this different from connecting to your bank over HTTPS?
There is none. But I don't like this, too.
If someone manipulates DNS or IP packet routing of your bank server:
Can you guarantee that no-one is simply clicking away the fingerprint
warning message?
Would you bet your money on it?
I definitely wouldn't.
It is your own risk to access your bank account in this way.
But I want to reduce the dependency of *other's* people correct behaviour
regarding the security of our company.
Thanks.
Tom
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Dec 21 03:58:27 2004