[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Auth security for 'http://' (without SSL) based access?

From: Andy Levy <andy.levy_at_gmail.com>
Date: 2006-10-07 23:35:52 CEST

On 10/7/06, Matt England <mengland@mengland.net> wrote:
> (My apologies if this is a faq.)
> How secure are authentication artifacts (namely logins and passwords)
> during the following commands on a repo that requires login-and-password
> authentication for
> svn co http://myrepo.com myrepo
> cd myrepo
> touch a
> svn add a
> svn ci -m "checking new file namd 'a'"
> (Note that it's an 'http://' and not a 'https://' (SSL based) access.)
> Is the corresponding password sent in clear text? If so, then said
> passwords a quite susceptible to being sniffed, particularly on a wireless
> network (it's debatable how hard/easy this is to do on a non-wireless network).

Depends on your AuthType. Are you using Basic or Digest? Basic only
base-64 encodes the id/password pair, while Digest is more secure.
See http://linuxplanet.com/linuxplanet/tutorials/1527/4/

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Oct 7 23:36:21 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.