[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SSLRequireSSL how to?

From: Stefan C. Kremer <skremer_at_kremer.ca>
Date: 2004-10-07 05:47:23 CEST

Hi,

I'm new to subversion, but have been impressed so far. I am trying to
set up a subversion server using dav_svn 1.0.6-2 under apache2 (2.0.52)
(with Debian).

I want to use AuthType basic, but don't want my passwords and data
transmitted as plain text. So, I enabled SSL and can access everything
via https (so far so good).

I don't trust my users to remember to use https instead of http, so I
would like to turn off non-ssl connections to the repository to make
sure no-one accidentally transmits their password in plain text.

I still have some other stuff served by apache that should work with
non-ssl http, so I don't want to turn off non-ssl connections site
wide, just to the repository.

I thought I could just add the SSLRequireSSL directive to the
"Location" block of the dav_svn configuration but this seems to have no
effect and I can still access the repository with unencryped
connections.

Any solutions, advice, sympathy?

        -Stefan

-- 
Reynolds Building, 106, Dept. of Computing & Info. Science
University of Guelph, Guelph, Ontario     N1G 2W1
Tel: (519)824-4120 Ext.58913     E-mail:  skremer@uoguelph.ca
Fax: (519)837-0323     WWW: http://q.cis.uoguelph.ca/~skremer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Oct 7 05:47:40 2004

This is an archived mail posted to the Subversion Users mailing list.