Monticello authentication methods?

Bert Freudenberg bert at freudenbergs.de
Wed Sep 13 20:42:39 UTC 2006


Bakki Kudva wrote:
> Hi all,
> 
> I have a web server which currently runs subversion but uses only
> BasicAuth on Apache2. I'd like to change it to Digest authentication.
> I was wondering if Monticello supports Digest? Any suggestions on the
> best practice for securing a Monticello repository? Thanks,

My version at http://source.impara.de/mc.html does. Not sure if it was 
merged into other versions.

You will need to patch the HTTPSocket>>md5Hash: method with a class that 
  provides MD5 hashing - should be in one of the Crypto packages.

Note that this is not doing you any good security-wise, because MC will 
send the basic-auth user:password anyway, and only if that fails, digest 
is tried. HTTPSocket authentication needs to be completely reworked.

- Bert -



More information about the Squeak-dev mailing list