On Fri, Apr 11, 2014 at 10:26 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote: > On Fri, Apr 11, 2014 at 7:10 PM, Ben Reser <b...@reser.org> wrote: >> On 4/11/14, 12:52 PM, Nico Kadel-Garcia wrote: >>> Do you have a pointer to that? It's a reasonable claim, I'd just not >>> seen anything for verifying it or testing against HTTP sites that have >>> HTTPS enabled, perhaps even with HTTPS only accessible behind a >>> closed firewall for administrative user >> >> Apache HTTP Server can respond to multiple ports, some of which may be SSL >> enabled and some of which that many not. The same processes are used for >> either. As such even if you only have your Subversion repository running >> over >> HTTP, if you have SSL enabled for some other purpose, your Subversion related >> data in memory might be exposed.
Sorry for the blank reply. The SSL based services, when managed by Apache, are normally handled by a different "VirtualHost" setting, but yes, you're right.. The same daemon and child processes have the SSL module loaded.
