Monticello authentication methods?
Bert Freudenberg
bert at freudenbergs.de
Wed Sep 13 20:42:39 UTC 2006
Bakki Kudva wrote:
> Hi all,
>
> I have a web server which currently runs subversion but uses only
> BasicAuth on Apache2. I'd like to change it to Digest authentication.
> I was wondering if Monticello supports Digest? Any suggestions on the
> best practice for securing a Monticello repository? Thanks,
My version at http://source.impara.de/mc.html does. Not sure if it was
merged into other versions.
You will need to patch the HTTPSocket>>md5Hash: method with a class that
provides MD5 hashing - should be in one of the Crypto packages.
Note that this is not doing you any good security-wise, because MC will
send the basic-auth user:password anyway, and only if that fails, digest
is tried. HTTPSocket authentication needs to be completely reworked.
- Bert -
More information about the Squeak-dev
mailing list
|