Gale, David wrote:
>Dimitri Papadopoulos-Orfanos wrote:
>
>>>Very good point, and a large part of why I feel the svn client should
>>>allow the end-user to change their passwords on svnserve'd
>>>repositories. (I posted more of my reasons earlier in this thread,
>>>and so far, at least, no one has put forward any reasons this
>>>shouldn't happen...)
>>>
>>Have you filed an issue? I'd certainly vote for it.
>>
>>It would be nice to be able to change passwords not only with svnserve
>>but also with Apache servers (in the latter case this would probably
>>not work in the general case, but it would be nice if it could at
>>least work with basic password files).
>>
>
>Opened issue #2445.
>
>http://subversion.tigris.org/issues/show_bug.cgi?id=2445
>
This sound much easier than it is. To prevent password snooping, the
password
or its hash needs to be privately transported (i.e., using a encrypted
link).
Furthermore, since there is no a priori trusted connection between
client and
server, you probably need to use some form public key cryptography
(e.g., ssl).
Which gets you into the whole certificate business.
Which begs the question, why not use ssl for authentication itself?
Gerco.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 18 00:03:05 2005