Subversion and HTTP repositories

Matt Lee

Stolen image of Matt Lee, who probably isn’t hacking you but knows enough to be dangerous. Click the image for full story on how Matt is not the bad guy his photo is repeatedly used for.

Noted that some subversion repositories use HTTP and HTTPS URI instead of using SVN+SSH.

HTTP or HTTPS repositories use HTTP Auth to authenticate. HTTP Auth sends the username and password base64 encoded with every request.

With HTTP repositories this means that the username and password can be intercepted trivially.

If you discover you are using HTTP repositories, when HTTPS is available, you can switch to the HTTPS version using the command:

svn relocate http https

From within the checked out copy of the repository. The relocate command can also be used if the server name changes, it just changes the prefix of the repository.

You then want to change your password because you’ve splashed it around in plain text on the Internet, and subversion will ask for the credentials on your next commit.