On Tuesday 13 January 2009, Johannes Schindelin <Johannes.Schindelin@xxxxxx> wrote about 'Re: git/webdav is refusing to authenticate properly.': >Oh, and FWIW: trying to ridicule the way Git does it completely misses > the fact that you are using such a ridiculously weak authentication > scheme anyway that you could just as well open the window and shout your > password out loud. Using DIGEST auth would help, although it is still quite vulnerable, but I couldn't convince git to use that either. I'm pretty sure even PLAIN auth is acceptable (security-wise) if used over SSL/TLS. It would be really nice for contributors behind oppressive firewalls if they could push via https and not have their passwords exposed to the local BOFH. (Who else sets up an oppressive firewall?) SVN supported it. It would be nice to add it to the list of git features. Still, it's just not important enough to me right now to make the time to throw together a PATCH/RFC. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@xxxxxxxxxxxxxxxxx ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
Attachment:
signature.asc
Description: This is a digitally signed message part.
