Les Mikesell wrote:
> On Tue, 2006-07-04 at 02:19, Nico Kadel-Garcia wrote:
>>>
>>> but: if you don't trust your OS (after you configured it correctly
>>> and securely), the OP is right, you should not be using it...
>>
>> Erik, I was talking about the server side. It's a ghods-awful
>> approach to keep software passwords floating around in plain text,
>> for any system. The server administrator *should not* in general
>> know user's passwords.
>
> Can't you use any of the many mod_auth_xxx methods with apache
> (LDAP, pam, etc.), many of which use encrypted and/or remote
> passwords? The usual issue with http is that basic authentication
> is passed in the clear, but with https the whole stream is
> encrypted.
Oh, I absolutely agree. But I'd been talking about svnserve, not Subversion
in general, and it's one of the reasons I so strongly HTTPS over svnserve.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 5 05:20:42 2006