> -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] > On Behalf Of adamiis111 > Sent: Thursday, July 17, 2008 9:32 AM > To: Trac Users > Subject: [Trac] Best Authentication solution for typical installations > > > I hate to start this thread, but there's a paucity of information out > there for the best practices solutions for a typical Trac > installation. Since we're in the brave new world of Trac 0.11, here > would be my question: > > What is the best solution for a Trac installation with the following > criteria: > > ------- > Scenario 1: > Trac 0.11 > Subversion 1.5 > Apache 2.2 > Linux > 5-10 Users - all trustworthy > Easy installation > Secure but nobody is going to die if there's a leak as long as no data > is permanently deleted from Subversion or Trac. > Other virtual hosts are on the machine > > ------- > Scenario 2: > Same as Scenario 1 but there are 50+ users and the Subversion > repository must be secure from 'easy' attacks (please no comments > about firewalls, layered security, etc... - that's all out of scope). > > Thanks for any help. I currently have a nice new Trac 0.11 setup on > Ubuntu 8.04 and really I just want to decide what the best solution is > for this since user management seems to have been left to the end > users.
If you are using SSL, htpasswd is simpler to setup and get running by maybe 1% (do not use it without SSL, though really you should be using SSL for everything these days). Htdigest is secure against MitM-style listener attacks, so in theory it is better if SSL is not an option. --Noah --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
