subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Mikesell <>
Subject Re: SVN "Relay"
Date Mon, 02 Aug 2010 15:07:09 GMT
On 8/2/2010 8:56 AM, Istace Emmanuel wrote:
> " Should I be worried about banking transactions or credit card orders?"
> Yeah :(
> " You could use any kind of VPN you want with the remote site.  Use an IPSEC
> tunnel between hosts if you don't trust SSL.  Or OpenVPN with blowfish."
> No, because the SVN is on a SaaS cloud, so we just have access to the
> service and not the system. So we can't install a VPN server and remember,
> vpn and ipsec use SSL. Search on google about SSL Spoofing ;)

Can you point me to something specific?  I see things about spoofing 
some other site's certificate and some things about specific 
implementations being subject to man-in-the-middle attacks but nothing 
that looks like a generic weakness.  If you are concerned about your 
service provider (who would have the best opportunity to arrange a 
man-in-the-middle connection), maybe you should use someone else - or a 
service that lets you run your own system images where you could set up 
a blowfish-based vpn.

  Les Mikesell

View raw message