Hello.

Subversion includes many types of connection:

 * svnserve - plain password over network
 * svnserve + ssh - secure, but unusably slow
 * http - plain password over network
 * https - secure

In the case of svnserve, by default a hash is transmitted over the network 
instead of the password, and this configuration looks safe.
But this is not so, because a MITM server can request SASL 
PLAIN authorization. In this situation, the client is unable to authenticate 
the server and sends the password in plain text without warning.

The svnserve + ssh configuration, even on a local network, adds more overhead to 
establish the connection (I have 0.3 seconds per connection). The console svn 
client reconnects too often (e.g., svn status -u A.txt B.txt C.txt produces 6 
serial connections).

As a solution to this problem, it seems reasonable to wrap the svnserve protocol 
in SSL.
This would, at least, make it possible to check the validity of the server on 
the client side. And svnserve + ssl looks cheaper than svnserve + ssh in terms 
of overhead.


-- 
Best regards
Navrotskiy Artem
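
The downgrade described in the message above, seen from the client side, as an added example that is not part of the original post and not Subversion's own code: a client-side policy that parses the server's mechanism offer and refuses password-revealing SASL mechanisms unless the server has been authenticated. It assumes the auth-request has the form `( success ( ( mech ... ) realm ) )`; the function names and sample messages are constructed for illustration.

```python
import re

# Mechanisms that hand the password itself to whoever is on the other end.
PASSWORD_REVEALING = {"PLAIN", "LOGIN"}

# One token of the svn wire syntax: "(", ")", "<len>:", number, or word.
_TOKEN = re.compile(rb"\s*(?:(\()|(\))|(\d+):|(\d+)|([A-Za-z][A-Za-z0-9-]*))")

def parse_item(buf, pos=0):
    """Parse one item starting at pos; return (value, next_pos)."""
    m = _TOKEN.match(buf, pos)
    if not m or m.group(2):
        raise ValueError(f"malformed item at offset {pos}")
    if m.group(1):                          # "(" opens a list
        items, pos = [], m.end()
        while True:
            nxt = _TOKEN.match(buf, pos)
            if nxt and nxt.group(2):        # ")" closes it
                return items, nxt.end()
            item, pos = parse_item(buf, pos)
            items.append(item)
    if m.group(3):                          # counted string: raw bytes follow
        end = m.end() + int(m.group(3))
        if end > len(buf):
            raise ValueError("truncated string")
        return buf[m.end():end], end
    if m.group(4):
        return int(m.group(4)), m.end()
    return m.group(5).decode(), m.end()     # bare word, e.g. a mechanism name

def acceptable_mechanisms(auth_request, server_authenticated):
    """Return the offered mechanisms the client may use on this channel."""
    response, _ = parse_item(auth_request)
    if not isinstance(response, list) or response[:1] != ["success"]:
        raise ValueError("not a successful auth-request")
    mechs = response[1][0]
    if server_authenticated:                # e.g. inside a verified TLS session
        return list(mechs)
    safe = [m for m in mechs if m.upper() not in PASSWORD_REVEALING]
    if not safe:
        raise PermissionError("only password-revealing mechanisms offered "
                              "by an unauthenticated server; refusing")
    return safe

# Constructed sample messages (not captured traffic).
REALM = b"36:01234567-89ab-cdef-0123-456789abcdef"
NORMAL = b"( success ( ( ANONYMOUS CRAM-MD5 ) " + REALM + b" ) )"
DOWNGRADED = b"( success ( ( PLAIN ) " + REALM + b" ) )"
```

Calling `acceptable_mechanisms(DOWNGRADED, False)` raises `PermissionError` instead of letting the login proceed, while the same offer is accepted once `server_authenticated` is true.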
