[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFC: Encrypting ~/.subversion/auth on Windows

From: Sigfred Håversen <bsdlist_at_mumak.com>
Date: 2004-11-13 02:20:24 CET

On Saturday 13 November 2004 02.03, Ben Collins-Sussman wrote:
> On Nov 12, 2004, at 6:31 PM, Sigfred Håversen wrote:
> > Slightly offtopic, why not encrypt the passwords for svnserve?
>
> IIRC, because of the way the CRAM-MD5 algorithm works, the server needs
> access to the actual password, not a hashed version of it.

IIRC, httpd has hashed user passwords even for CRAM-MD5, but I'll have to
check the documentation for this. My use of passwords for httpd goes over
https, except for LAN (yeah I know thats bad, but Visual SourceSafe is even
worse, and I've had to "sell" Subversion to my bosses last autumn....)

/Sigfred

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Nov 13 02:21:13 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.