-----Original Message-----
From: Konrad Rosenbaum [mailto:konrad@silmor.de]
On Tuesday 17 July 2007, timotheus wrote:
> How do I make the svn command automatically select temporary key
> acceptance for https:// method. This appears necessary for cron jobs.
Why temporary?
Do it once manually and accept the SSL-key permanently, then the
cron-job
will not have any problems. There is no valid security reason to accept
a
key temporarily hundreds of times without even seeing it over just
accepting it permanently.
Konrad
------------
Also, if you automatically accept any SSL key, you have eliminated
entirely any security offered by SSL. Just FYI. At least with
self-signed keys that are blindly accepted the first time you get the
same level of security as you might from SSH: you know the server is the
same server as the server from the first connect. With auto-accept, an
attacker can inject any SSL key they desire and then the only thing you
get is encryption to the attacker's machine.
Jason
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 17 20:38:49 2007