Re: Passwords, Security, and Performance

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Sun, 02 Nov 2008 14:53:58 -0500

On Sun, 2008-11-02 at 14:37 -0400, Mark Eichin wrote:
> Not to minimize your analysis, but wouldn't any place that takes
> passwords seriously use svn+ssh instead, such that the server never
> sees them (ie. *real* single signon, with Kerberos for example...) and
> to properly delegate security concerns to the people who truly obsess
> over them?

Performance tends to be underwhelming with svn+ssh, at least in svn
1.4.x, because we create so many sessions for each command.

However, I'll echo that "single sign-on" does not mean "single
password." See:

http://en.wikipedia.org/wiki/Single_sign-on

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-11-02 20:54:17 CET

This message: [ Message body ]
Next message: Stefan Sperling: "Re: Tree conflict bug?"
Previous message: Julian Foad: "Re: [Issue 3145] svn resolve[d] should be aware of all the different types of conflicts"
In reply to: Mark Eichin: "Re: Passwords, Security, and Performance"
Next in thread: Branko Čibej: "Re: Passwords, Security, and Performance"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]