[Zope-dev] Re: http access to svn repos?
Chris Withers
chris at simplistix.co.uk
Thu Mar 9 02:58:44 EST 2006
Tino Wildenhain wrote:
>>> I would support HTTP anonymous checkouts. I'm really against
>>> writable HTTP checkouts because I consider the credentials
>>> mechanism for HTTP access to be extremely lame.
>>
>>
>> whether SVN or not, I'm guessing any use of HTTP basic authentication
>> mechanism qualifies as "extremely lame"! I've no idea if this is what
>> Jim
>> meant though :)
>
> Well, I hope ;)
Why? The password are never sent over the wire unencrypted?
Yes, caching them locally in cleartext blows a lot, especially since the
files and directories that contain them are world readable, but this is
a bug we should raise with the svn guys.
That said, I'll ask again, why are we so paranoid about security? WE're
working on a piece of open source software here...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list