How secure is it to use self-signed certificates? As far as I understand it, an attacker could pretend to be my server if I don't have a certificate from an authority. Is this much of a risk?
Should I buy a certificate for Subversion?
How secure is it to use self-signed certificates? As far as I understand it, an attacker could pretend to be my server if I don't have a certificate from an authority. Is this much of a risk?
Should I buy a certificate for Subversion?
There's no real harm in using self signed certs for in house projects as long as everyone is aware. From a security standpoint you may want to distribute the cert to your users so that they can ensure it's valid when they make the initial connection. There's no reason to pay for a cert in this case. A self signed cert provides the same level of cryptographic protection as a paid cert it just isn't automatically trusted by the client program.