On Fri, Oct 8, 2010 at 11:25, Aaron McIver <aaron.mciver_at_gmail.com> wrote:
> You say they are encrypted/decrypted locally...but then you say they are sent to the server encrypted? Why would the client decrypt them if they are doing no validation?
When they're sent over the wire encrypted, they're encrypted using a
handshake and/or agreed-upon key at the time of connection.
When they're stored/read locally, they're encrypted/decrypted via the
Windows Crypto API which uses a key tied to your Windows account.
The locally-encrypted copy can't be decrypted by the server because
the keys are local to your account.
So when you connect (let's say via HTTPS), your client gets the
credentials decrypted via the appropriate Windows API, then includes
them in the HTTPS transmission. HTTPS encrypts the *whole*
communication between client & server using SSL certificates, not just
the credentials.
> I'm confused.
>
>> On Thu, Oct 7, 2010 at 13:17, Aaron McIver <aaron.mciver_at_gmail.com> wrote:
>> > The stored auth credentials, are those decrypted client side or server side?
>>
>> They encrypted & decrypted locally when accessed by the client to
>> communicate with the server.
>>
>> They are sent to the repository for authentication encrypted or
>> obfuscated if you are using an access/authentication method which
>> supports/requires it - digest authentication over HTTP, HTTPS, SASL
>> with svnserve, etc.
>
> ------------------------------------------------------
> http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2669333
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
>
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2669334
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2010-10-08 17:31:07 CEST