Re: [PATCH] default to --no-auth-cache

From: Josef Wolf <jw_at_raven.inka.de>
Date: 2003-01-14 21:39:34 CET

On Tue, Jan 14, 2003 at 11:10:25AM -0600, Karl Fogel wrote:

> But having it in ~/.subversion/, in a location readable only by that
> user and by root, is fine. Remember, we're talking about http basic
> auth passwords here -- anyone who has root on the client box could
> just sniff the network to get them too.

Ough! How come you to sniff basic auth passwords when they are used
over SSL?

Obviously, root could install a manipulated ssl library or a modified
svn client... But just sniff them?!?

-- 
-- Josef Wolf -- jw@raven.inka.de --
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Jan 14 21:39:45 2003

This message: [ Message body ]
Next message: Greg Hudson: "Re: Fun tests, WAS: RE: Diff lib"
Previous message: Sander Striker: "Fun tests, WAS: RE: Diff lib"
In reply to: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"
Next in thread: Branko Čibej: "Re: [PATCH] default to --no-auth-cache"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]