On Tue, Feb 15, 2011 at 4:11 PM, Keith Palmer Jr. <ke...@consolibyte.com> wrote: > > We'd like to use the svn:// protocol to check out some code over a WAN, but > we want to make sure that the code isn't traveling over the WAN in plain-text. > > If we set up the repo to require min-compression 128 via SASL, does that > encrypt *just the authentication* or does that *encrypt the actual data > transfer* too? > > > I've asked just about everywhere else and can't seem to get a straight answer > out of anyone- some people say yes, some people say no.
Capture a small checkout using Wireshark and see for yourself. Reading this file: http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt And the Known Issues regarding TLS. It almost sounds like the login process is a plain text conversation, although with DIGEST-MD5 perhaps still relatively secure, and then only after you have authenticated it can encrypt the data? I think you would want to capture the traffic to see for yourself. Or use something like SSH or https and not have any doubts. -- Thanks Mark Phippard http://markphip.blogspot.com/
