RE: HTTP authentication vs. --username and --password

From: Sander Striker <striker_at_apache.org>
Date: 2002-07-22 12:09:08 CEST

> From: Sander Striker [mailto:striker@apache.org]
> Sent: 22 July 2002 11:49

[...]
> Valid stuff, but it depends on how you handle the urls. If you parse them
> at the client end and handle the user:password part as if it was passed in
> using --username and --password, stripping the user:password segment out
> of the url when contacting the server, it is as secure as it is now.

Security is screwed anyway if you pass --password on the cmdline, since
anyone who can run ps ax, will be able to see it.

Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jul 22 12:06:33 2002

This message: [ Message body ]
Next message: Hans Marggraff: "Re: status of bindings via swig"
Previous message: Sander Striker: "RE: HTTP authentication vs. --username and --password"
In reply to: Sander Striker: "RE: HTTP authentication vs. --username and --password"
Next in thread: Glenn A. Thompson: "Re: HTTP authentication vs. --username and --password"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]