2006/9/13, Bert Freudenberg <bert at freudenbergs.de>:
> Bakki Kudva wrote:
> > Hi all,
> >
> > I have a web server which currently runs subversion but uses only
> > BasicAuth on Apache2. I'd like to change it to Digest authentication.
> > I was wondering if Monticello supports Digest? Any suggestions on the
> > best practice for securing a Monticello repository? Thanks,
>
> My version at http://source.impara.de/mc.html does. Not sure if it was
> merged into other versions.
>
> You will need to patch the HTTPSocket>>md5Hash: method with a class that
>   provides MD5 hashing - should be in one of the Crypto packages.
>
> Note that this is not doing you any good security-wise, because MC will
> send the basic-auth user:password anyway, and only if that fails, digest
> is tried. HTTPSocket authentication needs to be completely reworked.

Not only authentication, everything. The whole class is just awful.

Philippe