On Sun, 2011-01-02 at 22:43 -0500, Nico Kadel-Garcia wrote: > It's possible to do secure Subversion. Use svn+ssh access, disable or > block other services at the firewall, and keep it away from HTTP/HTTPS > in order to prevent UNIx or Linux client plaintext password storage.
Apologies in advance if this is covered somewhere, but can someone explain (or point me to some references on) why using SVN w/ Apache (HTTPS) is insecure? I've seen some references to plain text password storage, but I don't see my password on my server. The passwords in my svnusers files look like hashes, which makes sense because I use the "-m" option to htpasswd2 when creating them. What am I missing? Best regards, Nick
