subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick <>
Subject Re: svnadmin create and not being method agnostic
Date Mon, 03 Jan 2011 16:09:45 GMT
On Sun, 2011-01-02 at 22:43 -0500, Nico Kadel-Garcia wrote:

> It's possible to do secure Subversion. Use svn+ssh access, disable or
> block other services at the firewall, and keep it away from HTTP/HTTPS
> in order to prevent UNIx or Linux client plaintext password storage.

Apologies in advance if this is covered somewhere, but can someone
explain (or point me to some references on) why using SVN w/ Apache
(HTTPS) is insecure?  I've seen some references to plain text password
storage, but I don't see my password on my server.  The passwords in my
svnusers files look like hashes, which makes sense because I use the
"-m" option to htpasswd2 when creating them.  What am I missing?

Best regards,

View raw message