Re: Is the svn:// protocol secure when encrypted via SASL?

From: Mark Phippard <markphip_at_gmail.com>
Date: Tue, 15 Feb 2011 16:21:08 -0500

On Tue, Feb 15, 2011 at 4:11 PM, Keith Palmer Jr. <keith_at_consolibyte.com> wrote:
>
> We'd like to use the svn:// protocol to check out some code over a WAN, but we want to make sure that the code isn't traveling over the WAN in plain-text.
>
> If we set up the repo to require min-compression 128 via SASL, does that encrypt *just the authentication* or does that *encrypt the actual data transfer* too?
>
>
> I've asked just about everywhere else and can't seem to get a straight answer out of anyone- some people say yes, some people say no.

Capture a small checkout using Wireshark and see for yourself.

Reading this file:

http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt

And the Known Issues regarding TLS. It almost sounds like the login
process is a plain text conversation, although with DIGEST-MD5 perhaps
still relatively secure, and then only after you have authenticated it
can encrypt the data?

I think you would want to capture the traffic to see for yourself. Or
use something like SSH or https and not have any doubts.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/

Received on 2011-02-15 22:21:44 CET

This message: [ Message body ]
Next message: Keith Palmer Jr.: "Re: Is the svn:// protocol secure when encrypted via SASL?"
Previous message: Keith Palmer Jr.: "Is the svn:// protocol secure when encrypted via SASL?"
In reply to: Keith Palmer Jr.: "Is the svn:// protocol secure when encrypted via SASL?"
Next in thread: Keith Palmer Jr.: "Re: Is the svn:// protocol secure when encrypted via SASL?"
Reply: Keith Palmer Jr.: "Re: Is the svn:// protocol secure when encrypted via SASL?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]