[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature request: Disable ssl prompting in "servers" for better security

From: Tom Martin <tommartin687_at_hotmail.com>
Date: 2004-12-21 03:48:11 CET

>From: John Peacock <jpeacock@rowman.com>
>To: Tom Martin <tommartin687@hotmail.com>
>CC: dev@subversion.tigris.org
>Subject: Re: Feature request: Disable ssl prompting in "servers" for better
>Date: Mon, 20 Dec 2004 21:27:29 -0500
>Tom Martin wrote:
>>Authentication itself is a very serious security issue.
>>No serious security manager would rely on proper timeouts and on proper
>>IP routing. There are several possibilities for manipulating this.
>>This is exactly the reason why ssl authentication exists.
>>I am sure you don't want to say that this feature has no reason.
>Yes, but it is the ssh program itself which challenged the user about the
>changed key, not Subversion. I'm not even sure that it is possible at the
>Subversion level to affect this behavior, since ssh is the secure transport
>method and only after the connection is established that svn gets control

All ssl properties are read from the subversion config file "servers".
So subversion seems to evaluate them.
Also the subversion command line client evaluates the no-promt option.
Basically my proposal says that "servers" should get a default value for
Because of this, although not being a professional developer, I am quite
that it would be easy possible in subversion.

>This feature belongs in ssh, not in Subversion.
>In particular, the StrictHostKeyChecking option to .ssh/config seems to be
>exactly what you want:
>Set this to ``yes'' in the .ssh/config file (or if all users are on the
>same system, then the systemwide config file), and you won't have to worry
>about this again.

This is ssh. Is there a corresponding ssl option? This would be perfect!



Express yourself instantly with MSN Messenger! Download today it's FREE!

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Dec 21 03:50:24 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.