Subversion authentication security issue (svnserve, MITM)
From: Navrotskiy Artem <bozaro_at_ya.ru>
Date: Fri, 16 Jan 2015 10:35:46 +0300
Hello.
Subversion includes many types of connection:
* svnserve - plain password over network
In the case of svnserver default instead of the password hash is transmitted over the network, and this configuration looks like a safe.
Configuration svnserver + ssh even in local network adds more overhead to establish the connection (I have 0.3 seconds per connection). Console svn client reconnects too often (eg, svn status -u A.txt B.txt C.txt produces 6 serial connections).
As a solution to this problem, it seems reasonable wrapping svnserver protocol SSL.
--š
|
This is an archived mail posted to the Subversion Dev mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.