[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: HTTP authentication vs. --username and --password

From: Sander Striker <striker_at_apache.org>
Date: 2002-07-22 12:09:08 CEST

> From: Sander Striker [mailto:striker@apache.org]
> Sent: 22 July 2002 11:49

> Valid stuff, but it depends on how you handle the urls. If you parse them
> at the client end and handle the user:password part as if it was passed in
> using --username and --password, stripping the user:password segment out
> of the url when contacting the server, it is as secure as it is now.

Security is screwed anyway if you pass --password on the cmdline, since
anyone who can run ps ax, will be able to see it.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jul 22 12:06:33 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.