Ben Collins-Sussman wrote:
> Andy Helten wrote:
>
>>> Read chapter 6 closely... these are separate methods of using svnserve.
>>>
>> I did read it, about 4 times. I guess my assumption was that the
>> svn:// access method did not encrypt the repository _data_ (did not
>> find this explicitly described in the book). Am I wrong here? I
>> understand authentication is secured by CRAM-MD5, but that doesn't
>> imply the subsequent repository transfer is secure. Is it? If not,
>> these access methods are hardly equivalent in terms of security.
>>
>
> You are correct. A client speaking svn:// to an svnserve daemon is
> not speaking over an encrypted link. (The password never travels over
> the network in any form... but the main repository data isn't encrypted.)
>
> I never claimed the two methods were equivalent in terms of security.
> :-) I was just pointing out that one method requires an ssh system
> account, one does not. Encryption is a separate topic.
>
So what am I left with? Here is my situation:
1) An SVN/Apache/SSL bug is preventing me from checking out my
repository using HTTPS.
2) I am not comfortable with the insecure transfer of the
repository using svn://
3) I don't really want to create system accounts for the folks
accessing this repository (i.e. no svn+ssh:// if it requires system
accounts for repository users)
HELP!!!!
Andy
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jul 30 01:56:01 2004