Re: Passwords, Security, and Performance

From: Mark Mielke <mark_at_mark.mielke.cc>
Date: Sun, 02 Nov 2008 15:26:20 -0500

Mark Eichin wrote:
>
> Not to minimize your analysis, but wouldn't any place that takes
> passwords seriously use svn+ssh instead, such that the server never
> sees them (ie. *real* single signon, with Kerberos for example...) and
> to properly delegate security concerns to the people who truly obsess
> over them?
>

It's a valid point.

svn+ssh requires server-side accounts to be set up (the last time I
checked?) and is not expected to perform as well. It does not seem as
flexible in terms of controlling read and write accesses to resources as
webdav.

Kerberos is an option I am looking into it - but we do not use Kerberos
today so it might be a much larger change. Even with Kerberos, I expect
the same sort of problems to occur related to performance of repeated
authorization/authentication on every webdav query.

There seems to be a lot of very different options with lots of pros +
cons for each and no clear winner. I can appreciate that one size might
not fit all, but it does seem that there is room for improvement in the
default model that would allow it to be used by more teams without
alteration?

Cheers,
mark

-- 
Mark Mielke <mark_at_mielke.cc>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

Received on 2008-11-02 21:26:34 CET

This message: [ Message body ]
Next message: Mark Mielke: "Re: Passwords, Security, and Performance"
Previous message: Stefan Sperling: "Re: Tree conflict bug?"
In reply to: Mark Eichin: "Re: Passwords, Security, and Performance"
Next in thread: Branko Čibej: "Re: Passwords, Security, and Performance"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]