Re: Feature Request: clients shouldn't store auth-creds

From: Nicolás Lichtmaier <nick_at_reloco.com.ar>
Date: 2005-01-09 23:49:29 CET

>> The svnserve+ssh combo already has its own "private" solution
>> (with ssh-agent).
>>
>> The point of this idea is to avoid having the client send a plaint
>> text password in each request. I don't see any way of dealing with
>> this in Apache other than with a modified auth module.
>
>
> mod_auth_digest? https://?

No. Both https and mod_auth_digest are ways to send a plain text
password securely. And this plain text password must be sent *every
time*. I'm talking about some server component (e.g. an apache auth
module) which would hand over temporary session tokens/credentials. An
administrator would be able to configure the expiry time of these tokens
(2 hours? 1 day? a week?).

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Jan 9 23:51:28 2005

This message: [ Message body ]
Next message: Branko Čibej: "Re: Feature Request: clients shouldn't store auth-creds"
Previous message: Branko Čibej: "Re: Feature Request: clients shouldn't store auth-creds"
In reply to: Branko Čibej: "Re: Feature Request: clients shouldn't store auth-creds"
Next in thread: Branko Čibej: "Re: Feature Request: clients shouldn't store auth-creds"
Reply: Branko Čibej: "Re: Feature Request: clients shouldn't store auth-creds"
Reply: Daniel Patterson: "Re: Feature Request: clients shouldn't store auth-creds"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]