subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: svn + SSL?
Date Sat, 19 Dec 2015 10:43:01 GMT
jblist@icloud.com wrote on Thu, Dec 17, 2015 at 16:46:12 -0700:
> Setting up Apache for https is a bit heavy and SSH requires the
> existence of local users.

svn+ssh:// requires the existence of *one* local user, which be locked down
with command="svnserve -t",no-x11-forwarding, etc., in authorized_keys(5).

> Has there been any thought to added SSL/TLS to the svn protocol?
> 
> Adding TLS doesn't seem like it would be
> that hard and would help when using SASL/LDAP when passing plaintext
> passwords.

It's not clear to me what your concern is, whether it is avoiding
password-based authentication, or achieving full on-the-wire encryption,
or something else.

In any case, I suspect it would be far less work to simply document how
to configure SASL with full on-the-wire encryption and client
certificates.

Or perhaps stunnel, which has its pros and cons (e.g., an SSL
vulnerability won't compromise the svn process).

Cheers,

Daniel

Mime
View raw message