[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Writing svn-agent (Was Re: [PATCH] default to --no-auth-cache)

From: Jani Averbach <jaa_at_cc.jyu.fi>
Date: 2003-01-16 17:49:22 CET

On 16 Jan 2003, Karl Fogel wrote:

> It would be useful to have a catalog of our auth methods and how we
> store their data, at this point. We've got:
>
> http basic auth -- Stored in cleartext, and goes over the wire in
> cleartext too. Basically like CVS pserver.
> At least, it *will* be, once we stop storing
> the auth data in the working copy! :-)
>
> ssl -- Stored in cleartext, but goes over the wire
> encrypted. Like CVS pserver over an ssh
> tunnel. Secure as far as the network goes,
> not so secure from attacks based on the client
> host.
>
> ra_svn ssh tunnel -- No cleartext password stored on client side;
> basically, this is like CVS's ":ext:" protocol
> when run over ssh. It's only ra_svn, though,
> right?
>
> Anything else? (Not a rhetorical question; quite possible I've missed
> stuff here, or misunderstood our existing options, in which case
> please educate me.)
>

   http basic auth
       over ssh tunnel -- Much more secure at the moment than ssl. We
                          don't have at the moment any kind certificate
                          handling, right?
                          And you will need only one ssh accout (if you
                          like), thanks to the http auth

BR, Jani

--
Jani Averbach
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jan 16 17:50:16 2003

This is an archived mail posted to the Subversion Dev mailing list.