Re: svnadmin create and not being method agnostic

From: Nick <nospam_at_codesniffer.com>
Date: Mon, 03 Jan 2011 11:09:45 -0500

On Sun, 2011-01-02 at 22:43 -0500, Nico Kadel-Garcia wrote:

> It's possible to do secure Subversion. Use svn+ssh access, disable or
> block other services at the firewall, and keep it away from HTTP/HTTPS
> in order to prevent UNIx or Linux client plaintext password storage.

Apologies in advance if this is covered somewhere, but can someone
explain (or point me to some references on) why using SVN w/ Apache
(HTTPS) is insecure? I've seen some references to plain text password
storage, but I don't see my password on my server. The passwords in my
svnusers files look like hashes, which makes sense because I use the
"-m" option to htpasswd2 when creating them. What am I missing?

Best regards,
Nick
Received on 2011-01-03 17:10:41 CET

This message: [ Message body ]
Next message: Les Mikesell: "Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic"
Previous message: Benjamin.Ortega_at_wellsfargo.com: "RE: On commit attempt, Server sent unexpected return value (403 Forbidden) in response to CHECKOUT"
In reply to: Nico Kadel-Garcia: "Fine and secure dining, was Re: svnadmin create and not being method agnostic"
Next in thread: Mark Phippard: "Re: svnadmin create and not being method agnostic"
Reply: Mark Phippard: "Re: svnadmin create and not being method agnostic"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]