"Jason Winnebeck" <jpwasp@rit.edu> writes:
> -----Original Message-----
> From: Konrad Rosenbaum [mailto:konrad@silmor.de]
>
> On Tuesday 17 July 2007, timotheus wrote:
>> How do I make the svn command automatically select temporary key
>> acceptance for https:// method. This appears necessary for cron jobs.
>
> Why temporary?
>
> Do it once manually and accept the SSL-key permanently, then the
> cron-job
> will not have any problems. There is no valid security reason to accept
> a
> key temporarily hundreds of times without even seeing it over just
> accepting it permanently.
>
>
> Konrad
>
> ------------
>
> Also, if you automatically accept any SSL key, you have eliminated
> entirely any security offered by SSL. Just FYI. At least with
> self-signed keys that are blindly accepted the first time you get the
> same level of security as you might from SSH: you know the server is the
> same server as the server from the first connect. With auto-accept, an
> attacker can inject any SSL key they desire and then the only thing you
> get is encryption to the attacker's machine.
>
> Jason
The purpose would be to access repository at:
https://localhost/somerepo/
but the server is a self-signed SSL certificate, hence the prompt.
No, I would not recommend automatic for remote repository either.
And what about cron job that runs as an unprivilaged user without any
$HOME or shell? Also, even if the user does have a valid $HOME, I find
that `svn' does occasionally forget it's cache for these cron job
unprivilaged users with valid HOME...
-timotheus
- application/pgp-signature attachment: stored
Received on Tue Jul 17 22:01:16 2007