Changes between Version 3 and Version 4 of TracAuthenticationIntroduction
- Timestamp:
- May 29, 2007, 11:46:12 AM (17 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracAuthenticationIntroduction
v3 v4 57 57 You really do want your subversion repository to be using the same names as the Trac authentication names so that labelling of changesets matches with names assigned to tickets etc. This means there is a great advantage in using DAV access to the subversion database and sharing the authentication (password) files between Trac and the WebDAV areas (maybe using group access to give a subset of the users access to the subversion database), although this can be done in other ways. 58 58 59 In the authentication methods shown here the password pretty much travels in clear text over the network. You can use Digest authentication to prevent the clear text password going over the network, but this can still be sniffed and replayed. If you require greater security then you really ''should'' use SSL for encryption, or another means of access control.59 In the authentication methods shown here the password pretty much travels in clear text over the network. You can use Digest authentication to prevent the clear text password going over the network, but this can still be sniffed and subjected to off-line dictionary search attack. If you require greater security then you really ''should'' use SSL for encryption, or another means of access control.