
Re: Configuration recommendations in a heterogenous Linux environment?

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-07-03 20:24:39 CEST

Ulrich Eckhardt wrote:

> - svnserve is dead easy to set up and offers some basic authentication.

As much as I like Subversion, I consider svnserve one of its great flaws.
Svnserve does not allow storage of encrypted passwords, only plaintext, and
relies on plaintext transmission of those passwords. Those are huge security
problems in any kind of a public, semi-public, or mixed environment. The SSH
wrapper work for it helps, but is quite awkward to deal with and doesn't
solve the issue, since so many people tend to use the same password for
their SSH keys, their logins, their bank accounts, their email access, etc.,
etc., etc.

This is why HTTPS is so much of an advantage: you rely on a well-known,
well-supported authentication method that keeps the passwords encrypted.

Received on Mon Jul 3 20:26:19 2006

This is an archived mail posted to the Subversion Users mailing list.
