[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Is the svn:// protocol secure when encrypted via SASL?

From: Mark Phippard <markphip_at_gmail.com>
Date: Tue, 15 Feb 2011 16:21:08 -0500

On Tue, Feb 15, 2011 at 4:11 PM, Keith Palmer Jr. <keith_at_consolibyte.com> wrote:
>
> We'd like to use the svn:// protocol to check out some code over a WAN, but we want to make sure that the code isn't traveling over the WAN in plain-text.
>
> If we set up the repo to require min-compression 128 via SASL, does that encrypt *just the authentication* or does that *encrypt the actual data transfer* too?
>
>
> I've asked just about everywhere else and can't seem to get a straight answer out of anyone- some people say yes, some people say no.

Capture a small checkout using Wireshark and see for yourself.

Reading this file:

http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt

And the Known Issues regarding TLS. It almost sounds like the login
process is a plain text conversation, although with DIGEST-MD5 perhaps
still relatively secure, and then only after you have authenticated it
can encrypt the data?

I think you would want to capture the traffic to see for yourself. Or
use something like SSH or https and not have any doubts.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2011-02-15 22:21:44 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.