Re: Are http-based password authentications secure?

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2006-04-25 00:28:20 CEST

On 4/24/06, Matt England <mengland@mengland.net> wrote:
> Are authentication passwords given to update a repo that is checked out via
> "http://" vs "https://" secure, in the sense that their transmission is
> encrypted?

It depends on how you set up apache. If you use basic auth no, you
need https to encrypt them, if you use digest auth, then yes, they are
encrypted on the wire.

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Apr 25 00:29:45 2006

This message: [ Message body ]
Next message: Nico Kadel-Garcia: "Re: Are http-based password authentications secure?"
Previous message: Moshe Yudkowsky: "Re: Suggestion for Subversion Handbook: Example of properties"
In reply to: Matt England: "Are http-based password authentications secure?"
Next in thread: Scott Lamb: "Re: Are http-based password authentications secure?"
Reply: Scott Lamb: "Re: Are http-based password authentications secure?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]