Re: Are http-based password authentications secure?

From: Kalin KOZHUHAROV <kalin_at_thinrope.net>
Date: 2006-04-26 17:41:03 CEST

Nico Kadel-Garcia wrote:
> Matt England wrote:
>> Are authentication passwords given to update a repo that is checked
>> out via "http://" vs "https://" secure, in the sense that their
>> transmission is encrypted?

> Via HTTPS, yes. via HTTP, no. This is why HTTP should frankly never be
> used.

Well, let me give you a few examples where http is useful:
1. A VPN endpoint and SVN/HTTP server on the same machine, no acces except through the (encrypted) VPN
2. A physically secure and isolated (from the Net) LAN
3. Anonymous (RO) public repositories

Just my 3 yen :-)

Kalin.

-- 
|[ ~~~~~~~~~~~~~~~~~~~~~~ ]|
+-> http://ThinRope.net/ <-+
|[ ______________________ ]|
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Wed Apr 26 17:42:50 2006

This message: [ Message body ]
Next message: Scott Lamb: "Re: Are http-based password authentications secure?"
Previous message: Ryan Schmidt: "Re: Trying to see the history on a deleted directory"
In reply to: Nico Kadel-Garcia: "Re: Are http-based password authentications secure?"
Next in thread: Nico Kadel-Garcia: "Re: Are http-based password authentications secure?"
Reply: Nico Kadel-Garcia: "Re: Are http-based password authentications secure?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]