[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: svn automatically temporary accept for SSL key?

From: Jason Winnebeck <jpwasp_at_rit.edu>
Date: 2007-07-17 20:39:29 CEST

-----Original Message-----
From: Konrad Rosenbaum [mailto:konrad@silmor.de]

On Tuesday 17 July 2007, timotheus wrote:
> How do I make the svn command automatically select temporary key
> acceptance for https:// method. This appears necessary for cron jobs.

Why temporary?

Do it once manually and accept the SSL-key permanently, then the
will not have any problems. There is no valid security reason to accept
key temporarily hundreds of times without even seeing it over just
accepting it permanently.



Also, if you automatically accept any SSL key, you have eliminated
entirely any security offered by SSL. Just FYI. At least with
self-signed keys that are blindly accepted the first time you get the
same level of security as you might from SSH: you know the server is the
same server as the server from the first connect. With auto-accept, an
attacker can inject any SSL key they desire and then the only thing you
get is encryption to the attacker's machine.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 17 20:38:49 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.