Oliver Tappe <zooey@xxxxxxxxxxxxxxx> wrote: > On 2009-09-02 at 14:20:50 [+0200], Axel Dörfler <axeld@xxxxxxxxxxxxxxxx> > > wrote: > > Oliver Tappe <zooey@xxxxxxxxxxxxxxx> wrote: > > > In order to be able to (write-)access the subversion repository > > > via > > > http, > > > too, a htdigest of a password of your choice is required. > > > In order to get such a beast, you need to execute the following > > > command: > > > > > > htdigest2 -c <username>.htdig haiku-svn <username> > > I guess this is for accessing via https not http? > Well, kind of: it is for authenticated access (which will be > triggered > whenever you are trying to write something in the repo). As the > server is > configured currently, it does not even use https at all, because it > would > increase the load on the webserver and I thought using http-digest > authentication (which does not involve sending a password over the > net) would > be good enough. Naturally, http-digest auth is vulnerable to > man-in-the-middle attacks, but so is SSL (unless someone takes care > to > actually verify the certificate). Ah, I didn't know http-digest before. > But if there's concern about that, I would not be opposed to moving > to https > for repository write access. Sounds good enough for me; encrypting the contents when they are readable by everyone doesn't make that much sense anyhow :-) Bye, Axel.