subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thorsten Schöning <tschoen...@am-soft.de>
Subject Is it safe to redirect from HTTP to HTTPS in case of svn:externals?
Date Wed, 19 Aug 2015 19:50:24 GMT
Hi,

I'm implementing publicly accessible mod_davn_svn in addition to some
internally used svnserve. Some of my repos use svn:externals where we
used to defined "//internal.example.org/...", my publicly available
entry point is "https://external.example.org". For the public
"internal.example.org" is resolved as "external.example.org", so
checking out a repo from HTTPS with svn:externals used would result in
a request to "https://internal.example.org" and produce certificate
verification failures in the client because of mismatching domain
names and such.

So I thought of simply changing the svn:externals definition to
"http://internal.example.org" which I can then redirect to
"https://external.example.org" on my public server. In my tests that
seemed to work properly and the important part is that the locally
created working copy for svn:externals only contained HTTPS-URLs.

So am I correct that my approach is safe regarding that no user
passwords or such are going unencrypted over the wire if only the
first request doesn't contain such passwords and will always only be
the redirect? Any other problems which I might overlook currently?

Thanks!

Mit freundlichen Grüßen,

Thorsten Schöning

-- 
Thorsten Schöning       E-Mail: Thorsten.Schoening@AM-SoFT.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/

Telefon...........05151-  9468- 55
Fax...............05151-  9468- 88
Mobil..............0178-8 9468- 04

AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow


Mime
View raw message