[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature request: Disable ssl prompting in "servers" for better security

From: Tom Martin <tommartin687_at_hotmail.com>
Date: 2004-12-21 03:48:11 CET

>From: John Peacock <jpeacock@rowman.com>
>To: Tom Martin <tommartin687@hotmail.com>
>CC: dev@subversion.tigris.org
>Subject: Re: Feature request: Disable ssl prompting in "servers" for better
>security
>Date: Mon, 20 Dec 2004 21:27:29 -0500
>
>Tom Martin wrote:
>>Authentication itself is a very serious security issue.
>>No serious security manager would rely on proper timeouts and on proper
>>IP routing. There are several possibilities for manipulating this.
>>This is exactly the reason why ssl authentication exists.
>>I am sure you don't want to say that this feature has no reason.
>
>Yes, but it is the ssh program itself which challenged the user about the
>changed key, not Subversion. I'm not even sure that it is possible at the
>Subversion level to affect this behavior, since ssh is the secure transport
>method and only after the connection is established that svn gets control
>again.

All ssl properties are read from the subversion config file "servers".
So subversion seems to evaluate them.
Also the subversion command line client evaluates the no-promt option.
Basically my proposal says that "servers" should get a default value for
"no-promt".
Because of this, although not being a professional developer, I am quite
sure
that it would be easy possible in subversion.

>This feature belongs in ssh, not in Subversion.
>
>In particular, the StrictHostKeyChecking option to .ssh/config seems to be
>exactly what you want:
>
>...
>
>Set this to ``yes'' in the .ssh/config file (or if all users are on the
>same system, then the systemwide config file), and you won't have to worry
>about this again.

This is ssh. Is there a corresponding ssl option? This would be perfect!

Thanks!

Tom

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Dec 21 03:50:24 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.