Nico Kadel-Garcia wrote on Thu, 1 Jul 2010 at 17:18 -0400: > On Thu, Jul 1, 2010 at 1:38 PM, Daniel Shahaf <d...@daniel.shahaf.name> wrote: > > Nico Kadel-Garcia wrote on Thu, 1 Jul 2010 at 08:06 -0400: > >> Second: throw HTTPS based access the heck out. > > > > Isn't this irrelevant to the OP's question? > > Nope. He's using mod_dav_svn and LDAP authentication HTTP or HTTPS, > and the problem is on the server end. If the issue is in mod_dav_svn, > the https server, or in other work he's done to the system, such as a > flaw in the LDAP integration, then sidestepping the entire HTTPS > system should help resolve the problem.
It would have been nice to point all this in the previous post, instead of just claiming that "mod_dav_svn is insecure so you shouldn't use it" --- *that* point is irrelevant (and not entirely correct). Daniel
