[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Writing svn-agent (Was Re: [PATCH] default to --no-auth-cache)

From: <rbb_at_rkbloom.net>
Date: 2003-01-16 17:27:49 CET

On Thu, 16 Jan 2003, Sander Striker wrote:

> > From: rbb@rkbloom.net [mailto:rbb@rkbloom.net]
> > Sent: Thursday, January 16, 2003 5:19 PM
> > On 16 Jan 2003 cmpilato@collab.net wrote:
> >
> >> <rbb@rkbloom.net> writes:
> >>
> >>> I still disagree that implementing #2 brings us to the same point as CVS.
> >>> CVS only caches passwords to your disk if you are using :pserver:, which
> >>> most sites just don't do unless they are offering anonymous CVS. (Yes,
> >>> there are some that do, but it is rare).
> >>>
> >>> What that means, is that by implementing #2, you have brought subversion
> >>> up to the very least that CVS does. This makes subversion useful for
> >>> public access, but leaves it unsuitable for use with private passwords.
> >>> Emulating a feature of CVS that most people consider to be a security
> >>> problem does not sound like the correct way to replace CVS.
> >>
> >> IANA-SecurityGuy, but. Can't ra_svn be SSH-tunneled? If so, then it
> >> would seem that that is a good mapping to CVS using :ext:SSH. And by
> >> using mod_dav + SSL and disabling auth caching altogether, isn't that
> >> an exact match of CVS's most secure model?
> >
> > Yes, ra_svn over SSH is exactly what CVS does. ra_dav + SSL without
> > auth-caching is also perfectly secure. The only remaining problem (once
> > passwords are moved out of the wc, is that the default is insecure, and
> > the docs glance over the issue. The reason that svn-agent came up at all
> > is because people want both security and auth-caching, which requires
> > something like svn-agent.
> Right. So to improve fast, move to option #2 (and change the default to
> no-caching), and when svn-agent is done go for option #3.

Which was the original plan, yes. The only hard part about this is moving
the passwords into ~/.subversion, because that directory currently doesn't
understand multiple repositories. I haven't had any time to work on this
yet. If somebody else wants to go ahead and implement it, I won't be
upset, otherwise it is likely to take me a few weeks to finish. I get at
most an hour a night to code.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jan 16 17:15:07 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.