Lisa Dusseault wrote:
I'd recommend security constraints in this area, myself. Here's what WebDAV has, partly as a result of advice from previous IESG:20.1. Authentication of Clients [...]Thus: clients MUST support digest, and servers MUST NOT use Basic unless the transport is secure.
Apache backed Subversion repositories running basic+http are in flagrant violation, right?
cheers Bill
