[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Writing svn-agent (Was Re: [PATCH] default to --no-auth-cache)

From: <rbb_at_rkbloom.net>
Date: 2003-01-16 18:08:39 CET

Oh, this also begs another question, does svn (or Neon) support Digest
authentication? Much better from a security POV.

Ryan

On Thu, 16 Jan 2003, Jani Averbach wrote:

> On 16 Jan 2003, Karl Fogel wrote:
>
> > It would be useful to have a catalog of our auth methods and how we
> > store their data, at this point. We've got:
> >
> > http basic auth -- Stored in cleartext, and goes over the wire in
> > cleartext too. Basically like CVS pserver.
> > At least, it *will* be, once we stop storing
> > the auth data in the working copy! :-)
> >
> > ssl -- Stored in cleartext, but goes over the wire
> > encrypted. Like CVS pserver over an ssh
> > tunnel. Secure as far as the network goes,
> > not so secure from attacks based on the client
> > host.
> >
> > ra_svn ssh tunnel -- No cleartext password stored on client side;
> > basically, this is like CVS's ":ext:" protocol
> > when run over ssh. It's only ra_svn, though,
> > right?
> >
> > Anything else? (Not a rhetorical question; quite possible I've missed
> > stuff here, or misunderstood our existing options, in which case
> > please educate me.)
> >
>
> http basic auth
> over ssh tunnel -- Much more secure at the moment than ssl. We
> don't have at the moment any kind certificate
> handling, right?
> And you will need only one ssh accout (if you
> like), thanks to the http auth

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jan 16 17:56:02 2003

This is an archived mail posted to the Subversion Dev mailing list.