HTTP身份验证不会保护通过电话传输的包，所以如果您担心窃听者HTTP认证是不够的。另外，使用git协议的git比HTTP协议的效率高得多。然而，git-daemon不会为你执行身份验证。

可能***的解决方案是使用 gitosis ，它可以让你使用ssh保护存储库 - 加密性强的认证，并通过网络保密并控制对存储库的访问（例如，有些用户是可读写的，有些用户是只读的）。这将在你的ssh连接上使用高效的git协议。

如果你愿意把它外包， github 也许是***的方法。他们有不同的价位计划以满足许多需求。

I need an application to be able to fetch from a git repository but not push to it, so, that's the read-only part. That could easily be done with git daemon.

On top of that, I need access to said repository to be password-protected, including for reading it. So before any fetching can happen, the application will need to authenticate.

Is it doable? with git daemon? something else? http + auth maybe?

HTTP authentication will not protect the pack being transmitted over the wire, so if you are worried about eavesdroppers HTTP authentication will not suffice. Also, git is much more efficient using the git protocol than the HTTP protocol. git-daemon, however, does not do authentication for you.

Probably the best solution is to use gitosis which will allow you to protect the repository using ssh--cryptographically strong authentication, and confidentiality over the wire--and control access to the repository as well (e.g., have some users read-write and some users read-only). This will use the efficient git protocol over your ssh connection.

If you are willing to outsource this, github is perhaps the best approach. They have plans at different price points to meet many needs.