[haiku-development] Re: List of svn-users
- From: "Axel Dörfler" <axeld@xxxxxxxxxxxxxxxx>
- To: haiku-development@xxxxxxxxxxxxx
- Date: Wed, 02 Sep 2009 15:15:05 +0200 CEST
Oliver Tappe <zooey@xxxxxxxxxxxxxxx> wrote:
> On 2009-09-02 at 14:20:50 [+0200], Axel Dörfler <axeld@xxxxxxxxxxxxxxxx>
> > wrote:
> > Oliver Tappe <zooey@xxxxxxxxxxxxxxx> wrote:
> > > In order to be able to (write-)access the subversion repository
> > > via
> > > http,
> > > too, a htdigest of a password of your choice is required.
> > > In order to get such a beast, you need to execute the following
> > > command:
> > >
> > > htdigest2 -c <username>.htdig haiku-svn <username>
> > I guess this is for accessing via https not http?
> Well, kind of: it is for authenticated access (which will be
> triggered
> whenever you are trying to write something in the repo). As the
> server is
> configured currently, it does not even use https at all, because it
> would
> increase the load on the webserver and I thought using http-digest
> authentication (which does not involve sending a password over the
> net) would
> be good enough. Naturally, http-digest auth is vulnerable to
> man-in-the-middle attacks, but so is SSL (unless someone takes care
> to
> actually verify the certificate).
Ah, I didn't know http-digest before.
> But if there's concern about that, I would not be opposed to moving
> to https
> for repository write access.
Sounds good enough for me; encrypting the contents when they are
readable by everyone doesn't make that much sense anyhow :-)
Bye,
Axel.
Other related posts:
