Guten Tag Ben Reser, am Samstag, 12. April 2014 um 01:10 schrieben Sie: > As such even if you only have your Subversion repository running over > HTTP, if you have SSL enabled for some other purpose, your Subversion related > data in memory might be exposed.
Are you sure about that? From my understanding it is necessary that data passes OpenSSL's memory to get retrieved because it implements it's own malloc. I had the feeling that in case of heartbleed only sending passwords over http would have been the "more secure" way because in that case they wouldn't have been retrievable because they never passed memory allocated using OPENSSL_malloc() at all. Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning E-Mail:thorsten.schoen...@am-soft.de AM-SoFT IT-Systeme http://www.AM-SoFT.de/ Telefon...........05151- 9468- 55 Fax...............05151- 9468- 88 Mobil..............0178-8 9468- 04 AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln AG Hannover HRB 207 694 - Geschäftsführer: Andreas Muchow
