Re: svn+ssh long-lived daemon
On 20 November 2015 at 17:20, Mark Phippard <markphip_at_gmail.com> wrote:
> I've always felt the same, but now that I've used SSH more (with Git) I kind
> of question it.
> Are HTTP client certs much better than passwords? The cert itself still has
> to be physically secured and if you protect the cert with a passphrase then
> you have all of the same cache problems that passwords do.
HTTP client certs a slightly better than passwords because evildoer
cannot intercept password over the wire. But on the other hand
connection is already encrypted so even plain-text password is not big
Received on 2015-11-20 16:26:01 CET
This is an archived mail posted to the Subversion Dev