[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnadmin create and not being method agnostic

From: Nick <nospam_at_codesniffer.com>
Date: Mon, 03 Jan 2011 11:09:45 -0500

On Sun, 2011-01-02 at 22:43 -0500, Nico Kadel-Garcia wrote:

> It's possible to do secure Subversion. Use svn+ssh access, disable or
> block other services at the firewall, and keep it away from HTTP/HTTPS
> in order to prevent UNIx or Linux client plaintext password storage.

Apologies in advance if this is covered somewhere, but can someone
explain (or point me to some references on) why using SVN w/ Apache
(HTTPS) is insecure? I've seen some references to plain text password
storage, but I don't see my password on my server. The passwords in my
svnusers files look like hashes, which makes sense because I use the
"-m" option to htpasswd2 when creating them. What am I missing?

Best regards,
Nick
Received on 2011-01-03 17:10:41 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.