[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SSL encryption [Re: question]

From: Phillip Susi <psusi_at_cfl.rr.com>
Date: 2005-06-08 17:10:06 CEST

On Wednesday 08 June 2005 07:54, Saulius Grazulis wrote:

>On Tuesday 07 June 2005 21:13, Christopher Ness wrote:
>
>
>>>(2) Will passwords be sent as cleartext or will they be encrypted?
>>>
>>>
>>Only if you decide to *not* use SSL. The best ways to encrypt all the
>>traffic are through HTTPS or SSH+SVN.
>>
>>
>Eppps... (surprise). I thought SSL was encrypting all traffic, including
>passwords, no?
>
>
Actually, if you set up SSL to authenticate using client certs, there is
no password sent over the line at all, encrypted or otherwise. The
client may or may not use a password of their choosing to encrypt their
private certificate, but that doesn't involve the server at all.

Pretty cool stuff.

Of course, the other advantage of using https instead of ssh+svn is that
you can access the repository using any standard web browser, or webdav
client, such as windows web folders.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jun 8 17:24:11 2005

This is an archived mail posted to the Subversion Users mailing list.