[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Writing svn-agent (Was Re: [PATCH] default to --no-auth-cache)

From: <cmpilato_at_collab.net>
Date: 2003-01-16 17:01:59 CET

<rbb@rkbloom.net> writes:

> I still disagree that implementing #2 brings us to the same point as CVS.
> CVS only caches passwords to your disk if you are using :pserver:, which
> most sites just don't do unless they are offering anonymous CVS. (Yes,
> there are some that do, but it is rare).
>
> What that means, is that by implementing #2, you have brought subversion
> up to the very least that CVS does. This makes subversion useful for
> public access, but leaves it unsuitable for use with private passwords.
> Emulating a feature of CVS that most people consider to be a security
> problem does not sound like the correct way to replace CVS.

IANA-SecurityGuy, but. Can't ra_svn be SSH-tunneled? If so, then it
would seem that that is a good mapping to CVS using :ext:SSH. And by
using mod_dav + SSL and disabling auth caching altogether, isn't that
an exact match of CVS's most secure model?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jan 16 17:03:37 2003

This is an archived mail posted to the Subversion Dev mailing list.