subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Levy <andy.l...@gmail.com>
Subject Re: svn Farm
Date Fri, 08 Oct 2010 12:54:15 GMT
On Fri, Oct 8, 2010 at 08:09, Nico Kadel-Garcia <nkadel@gmail.com> wrote:
> Also note: both the 'svn' and 'http' access send the passwords ovder
> the network in clear text. There are ways around this (such as SSH or
> SSL tunneling), but they're pesky to set up. Fortunately, "https"
> already has that built in.

HTTP Digest Authentication does not send the password in cleartext, it
sends an MD5 hash. Yes, the hash is sent in cleartext, but that is not
exactly the same as sending the *password* in cleartext.

If you configure your svnserve to use SASL, it can use several methods
of encryption for authentication.
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl

I understand that you're very concerned with security shortcomings,
but you're leaving out important details that may make the system
appear less secure than it really can be with proper configuration.

Mime
View raw message