[Zope-dev] Re: http access to svn repos?

Chris Withers chris at simplistix.co.uk
Thu Mar 9 02:58:44 EST 2006


Tino Wildenhain wrote:
>>> I would support HTTP anonymous checkouts.  I'm really against
>>> writable HTTP checkouts because I consider the credentials
>>> mechanism for HTTP access to be extremely lame.
>>
>>
>> whether SVN or not, I'm guessing any use of HTTP basic authentication
>> mechanism qualifies as "extremely lame"!  I've no idea if this is what 
>> Jim
>> meant though :)
> 
> Well, I hope ;) 

Why? The password are never sent over the wire unencrypted?
Yes, caching them locally in cleartext blows a lot, especially since the 
files and directories that contain them are world readable, but this is 
a bug we should raise with the svn guys.

That said, I'll ask again, why are we so paranoid about security? WE're 
working on a piece of open source software here...

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk



More information about the Zope-Dev mailing list