On Fri, Jan 31, 2003 at 01:24:45PM +0100, Thomas Wouters wrote: > On Thu, Jan 30, 2003 at 11:58:59PM -0500, Matt Zimmerman wrote: > > Currently, the only secure access method for subversion is to use a local > > repository. cvs can be quite reasonably secured using rsh-tunneled > > operation with ssh, while the only network option for subversion is https, > > and subversion does not verify server certificates, leaving the door open > > for a man-in-the-middle attack. > For network access, subversion uses WebDAV (with DeltaV) which is an > extension of HTTP specifically designed to also work with HTTPS and proxies > and such. As such, it is as secure from attacks such as man-in-the-middle as > the SSL implementation. So the subversion client provides a visible indicator when there's a certificate path problem, unlike the majority of SSL-enabled text web browsers? -- Steve Langasek postmodern programmer
Attachment:
pgp4lGWbIo5zl.pgp
Description: PGP signature