[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Question about svnserve and security

From: Don Adams <dadams_at_scisol.com>
Date: 2006-09-18 18:14:57 CEST

Hello all...I was hoping somebody could answer this question. I can't
seem to find a definitive answer. How secure is the custon protocol
svnserve? I know it uses CRAM-MD5 so the password never goes out on the
wire in the clear, and it seems that many, or most people use it with
SSH to provide an encrypted tunnel. What we want to do is just open up
the port for svnserve and NOT use SSH. We do not care if the data is
encrypted or not, we do care if the password goes over the wire though.
 
How much of a risk is just providing direct access to the svnserve port?
 
Any help would be great, because we are CVS users wanting to move to
SVN, but this is a hot topic right now. Thanks in advance!!
 
Don
 
Received on Mon Sep 18 19:38:12 2006

This is an archived mail posted to the Subversion Users mailing list.