Authentication between Mingle

Follow

Comments

3 comments

  • Avatar
    Mike Aleksiuk

    Hi Lisa,


    This is a difficult question to answer because it depends more on your Subversion configuration than it does on Mingle.  Mingle does not do any of its own encryption or LDAP authentication with respect to Subversion, but does support configurations that are secure and LDAP-fronted.  For example:


    1. One popular way of using Subversion is to front it with Apache.  You can configure Apache to authenticate via LDAP if you like, and Mingle can communicate to Apache securely via HTTPS.


    2. A less common option is to use svn+ssh.  Communication and authentication happens via SSH and is therefore secure.  You can also configure SSH authentication to use LDAP.


    3. If you don't need LDAP authentication and both Mingle and your Subversion server are located on the same secure internal network, you could have Mingle communicate directly to the Subversion server.


    Note that in all cases, the security is up to you.  The only difference between configuring the above three options in Mingle is what URL you put into Mingle's Subversion configuration form.


    I hope that helps.


    Mike

  • Avatar
    Lisa

    Hi Mike,


    Now I do know that it's the first (using SVN and front it with Apache) and Apache is configured to authenticate via LDAP and Mingle communicates via HTTPS. But how to convince people that this is safe?


    /Lisa

  • Avatar
    Mike Aleksiuk

    Hi Lisa,


    I'm not sure how to convince people that this is safe.  All I can say is that when Mingle communicates with the Subversion server via HTTPS, it is no different than when a developer is communicating to the Subversion server over HTTPS.  The only difference is that Mingle uses the Subversion username and password stored (in an encrypted form) in its database.


    I suppose that answer is no more helpful than your "it's normal SSL" one, but I don't have a better one at the moment.  Do the people you are speaking with have particular concerns?  If it helps, I can tell you that we use a library called SVNKit and that I do not know of any security issues in it, but you can try to verify this on the internet.


    Mike

Please sign in to leave a comment.