[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

connection establishment todo, secure transport, sasl temporary alternative

From: solo turn <soloturn99_at_yahoo.com>
Date: 2002-12-03 12:33:35 CET

when reading connection establishment
todo(subversion/libsvn_ra_svn/todo), two things were not clear to me:
1. why would you need a port assignment from iana, if
   you are using http/webdav/deltav,
   isnt there port 80/443 already "defined"?
2. why there is nothing saying "ssl" as temporary and easy
   to implement alternative to sasl.

if you do plain text password authentication over secure transport,
it is secure. and https provides that. and we have it today. the only
thing which might bother some people is the effort for encrypting the
whole traffic (and the client does not offer to display the
certificate a server presents ... but this is a different story).

if this is a real problem, why not having the following configuration
options:
- server: https, http, http+https
  --> we have it today via apache
- client: use https for critical info, which might be passwords,
  directories with a certain property, ...)
  --> could be easily added by extending the ~/.suversion/servers
      file.

an example how a config file could look like (i used xml notation,
cause i don't know how to write it in the current settings file
notation):

<!-- section for servers/groups: -->
  <!-- enforces connection establishing via https -->
  <group id="tigris_group" http="80" https="5000"
security="https-connection-establish">
     <dns>*.collab.net</dns>
     <dns>*.tigris.org</dns>
  </group>
  <group id="seconndgrp">
  ...
  </group>

  <!-- default group, enforces no https at all -->
  <group id="default" http="80" https="443">
  </group>

     
<!-- section for proxies: -->
  <!-- special proxy for some groups -->
  <proxy id="myproxies"
         applytogroups="tigris_group, secondgrp"
         exceptgroups=""
         host="bla.proxydomain.org"
         port="8080"
         user="myuser"
         password="uhm"
>
  </proxy>
  <!-- default proxy -->
  <proxy id="default">
    <exceptdns>
      <dns>*.localdomain.net</dns>
      <dns>*.localdomain2.net</dns>
    </exceptdns>
    <!-- read linux proxy environment variables -->
    <host getfrom="env"/>
    <port getfrom="env"/>
  </proxy>

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Dec 3 12:34:17 2002

This is an archived mail posted to the Subversion Dev mailing list.