
Re: svn Farm

From: Andy Levy <andy.levy_at_gmail.com>
Date: Fri, 8 Oct 2010 08:54:15 -0400

On Fri, Oct 8, 2010 at 08:09, Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:
> Also note: both the 'svn' and 'http' access send the passwords over
> the network in clear text. There are ways around this (such as SSH or
> SSL tunneling), but they're pesky to set up. Fortunately, "https"
> already has that built in.

HTTP Digest Authentication does not send the password in cleartext, it
sends an MD5 hash. Yes, the hash is sent in cleartext, but that is not
exactly the same as sending the *password* in cleartext.

If you configure your svnserve to use SASL, it can use several methods
of encryption for authentication.
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl

I understand that you're very concerned with security shortcomings,
but you're leaving out important details that may make the system
appear less secure than it really can be with proper configuration.
Received on 2010-10-08 14:55:35 CEST
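
The distinction drawn in the message above, as an added example that is not part of the original mail or of Subversion's code: an RFC 2617 Digest exchange in which the client sends an MD5 response derived from the password and a server nonce, and the server checks it against a stored hash. The function names are hypothetical and the sample values are the worked example from RFC 2617 section 3.5, not anything from this thread.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, password):
    # HA1 = MD5(username:realm:password). An htdigest-style file stores this
    # value per user, so the server never needs the plaintext password.
    return md5_hex(f"{username}:{realm}:{password}")


def response_from_ha1(stored_ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 with qop=auth:
    #   HA2      = MD5(method:uri)
    #   response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_header(username, realm, password, method, uri, nonce, nc, cnonce):
    # Value of the Authorization header the client puts on the wire.
    resp = response_from_ha1(ha1(username, realm, password),
                             method, uri, nonce, nc, cnonce)
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{resp}"')


def server_accepts(stored_ha1, method, uri, nonce, nc, cnonce, response):
    # Server recomputes the response from its stored HA1 and the nonce it
    # issued, then compares in constant time.
    expected = response_from_ha1(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


# Sample values taken from the RFC 2617 section 3.5 example.
SAMPLE = dict(username="Mufasa", realm="testrealm@host.com",
              password="Circle Of Life", method="GET", uri="/dir/index.html",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    header = client_header(**SAMPLE)
    print(header)
    print("password appears in header:", SAMPLE["password"] in header)
```

Only the authentication value is hashed here; the request and response bodies still travel unencrypted over plain http.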

This is an archived mail posted to the Subversion Users mailing list.
