
Re: svn commit: rev 4602 - branches/issue-650-ssl-certs/subversion/libsvn_ra_dav

From: <joe_at_manyfish.co.uk>
Date: 2003-01-29 21:56:15 CET

On Wed, Jan 29, 2003 at 12:53:15PM -0700, David Waite wrote:
> I disagree - there is no real difference between having the user hit 'Y'
> to get around a certificate problem, vs having the user append
> overrides to a file to get around a certificate problem. The only
> difference really is that someone does not blindly hit 'Y' to continue,
> which in my opinion makes it more secure, not less.

Yeah, there's a good argument that prompting shouldn't be done either.
But if you want to allow users a way to bypass security checks I think
allowing them to do it temporarily via a prompt (with a big warning) is
better by a long way than having a config option to do so permanently.

The security of an SSL connection rests entirely on the cert validation
checks - a config option to turn off these checks seems to miss the
point somewhat.



Received on Sat Oct 14 02:24:23 2006

This is an archived mail posted to the Subversion Dev mailing list.
