Re: svn commit: rev 4602 - branches/issue-650-ssl-certs/subversion/libsvn_ra_dav

From: <joe_at_manyfish.co.uk>
Date: 2003-01-29 21:56:15 CET

On Wed, Jan 29, 2003 at 12:53:15PM -0700, David Waite wrote:
I disagree - there is no real difference between having the user hit 'Y'
to get around a certificate problem, vs having the user to append
overrides to a file to get around a certificate problem. The only
difference really is that someone does not blindly hit 'Y' to continue,
which in my opinion makes it more secure, not less.

Yeah, there's a good argument that prompting shouldn't be done either.
But if you want allow users a way to bypass security checks I think
allowing them to do it temporarily via a prompt (with a big warning) is
better by a long way than having a config option to do so permanently.

The security of an SSL connection rests entirely on the cert validation
checks - a config option to turn off these checks seems to miss the
point somewhat.

Regards,

joe

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 14 02:24:23 2006

This message: [ Message body ]
Next message: subversion_at_kempy.co.uk: "Ok and Cancel buttons"
Previous message: rooneg_at_electricjellyfish.net: "Re: [PATCH] Fix issue 1037 (Repository UUIDs)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]