[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion and SSPI

From: Adrian Wilkins <adrian.wilkins_at_gmail.com>
Date: 2007-06-07 00:18:10 CEST

On 05/06/07, Stefan Küng <tortoisesvn@gmail.com> wrote:
> Rich wrote:
> > So why does downgrading from TSVN 1.4.3 to TSVN 1.4.0 allow me to
> > automatically authenticate with a non-SSL apache running mod_sspi?
>
> Because of a bug in neon :)
>

It must be the same bug in Internet Explorer then, that authenticates
seamlessly with a quick whoami.php using mod_sspi with no SSL on
Apache, and that can log into ASP.NET applications on IIS without SSL.

I'm not saying it's secure (I've seen articles to the contrary), but I
am saying that I know it does work. It's less the security, it's more
the convenience of having users authenticated automatically and being
sure that they didn't log in as someone else, which you don't get with
Basic or Digest.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Thu Jun 7 00:18:20 2007

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.