You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Saulius Grazulis <gr...@akl.lt> on 2005/06/08 05:54:23 UTC

SSL encryption [Re: question]

On Tuesday 07 June 2005 21:13, Christopher Ness wrote:

> > (2) Will passwords be sent as cleartext or will they be encrypted?
>
> Only if you decide to *not* use SSL.  The best ways to encrypt all the
> traffic are through HTTPS or SSH+SVN.  

Eppps... (surprise). I thought SSL was encrypting all traffic, including 
passwords, no?

-- 
Saulius Gražulis

Visuomeninė organizacija "Atviras Kodas Lietuvai"
P.Vileišio g. 18
LT-10306 Vilnius
Lietuva (Lithuania)

tel/fax:      (+370-5)-210 40 05
mobilus:      (+370-684)-49802, (+370-614)-36366

Re: SSL encryption [Re: question]

Posted by Phillip Susi <ps...@cfl.rr.com>.

On Wednesday 08 June 2005 07:54, Saulius Grazulis wrote:

>On Tuesday 07 June 2005 21:13, Christopher Ness wrote:
>  
>
>>>(2) Will passwords be sent as cleartext or will they be encrypted?
>>>      
>>>
>>Only if you decide to *not* use SSL.  The best ways to encrypt all the
>>traffic are through HTTPS or SSH+SVN.  
>>    
>>
>Eppps... (surprise). I thought SSL was encrypting all traffic, including
>passwords, no?
>  
>
Actually, if you set up SSL to authenticate using client certs, there is 
no password sent over the line at all, encrypted or otherwise.  The 
client may or may not use a password of their choosing to encrypt their 
private certificate, but that doesn't involve the server at all. 

Pretty cool stuff. 

Of course, the other advantage of using https instead of ssh+svn is that 
you can access the repository using any standard web browser, or webdav 
client, such as windows web folders. 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: SSL encryption [Re: question]

Posted by Nicolas Goutte <ni...@snafu.de>.

On Wednesday 08 June 2005 07:54, Saulius Grazulis wrote:
> On Tuesday 07 June 2005 21:13, Christopher Ness wrote:
> > > (2) Will passwords be sent as cleartext or will they be encrypted?
> >
> > Only if you decide to *not* use SSL.  The best ways to encrypt all the
> > traffic are through HTTPS or SSH+SVN.  
>
> Eppps... (surprise). I thought SSL was encrypting all traffic, including
> passwords, no?

But *not* using SSL (therefore bare http:) does not protect anything. ;-)

Have a nice day!


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org