On 4/11/14, 12:52 PM, Nico Kadel-Garcia wrote: > Do you have a pointer to that? It's a reasonable claim, I'd just not > seen anything for verifying it or testing against HTTP sites that have > HTTPS enabled, perhaps even with HTTPS only accessible behind a > closed firewall for administrative user
Apache HTTP Server can respond to multiple ports, some of which may be SSL enabled and some of which that many not. The same processes are used for either. As such even if you only have your Subversion repository running over HTTP, if you have SSL enabled for some other purpose, your Subversion related data in memory might be exposed.
