Re: Subversion and SSPI

From: Adrian Wilkins <adrian.wilkins_at_gmail.com>
Date: 2007-06-07 00:18:10 CEST

On 05/06/07, Stefan Küng <tortoisesvn@gmail.com> wrote:
> Rich wrote:
> > So why does downgrading from TSVN 1.4.3 to TSVN 1.4.0 allow me to
> > automatically authenticate with a non-SSL apache running mod_sspi?
>
> Because of a bug in neon :)
>

It must be the same bug in Internet Explorer then, that authenticates
seamlessly with a quick whoami.php using mod_sspi with no SSL on
Apache, and that can log into ASP.NET applications on IIS without SSL.

I'm not saying it's secure (I've seen articles to the contrary), but I
am saying that I know it does work. It's less the security, it's more
the convenience of having users authenticated automatically and being
sure that they didn't log in as someone else, which you don't get with
Basic or Digest.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Thu Jun 7 00:18:20 2007

This message: [ Message body ]
Next message: Bastiaan Veelo: "TortoiseMerge and old editors (CTRL-Z)"
Previous message: Adam Strzelecki: "Re: TSVN Menu item names missing r9633 Win2k"
In reply to: Stefan Küng: "Re: Subversion and SSPI"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]