Ben Reser wrote:
>However, the client side problem is much trickier. In order for caching
>to work with all authentication protocols we must cache the plaintext
>password.
>
>
You don't actually have to store the plaintext on either the client or
the server if you're doing CRAM-MD5, which svnserve does; you can store
an intermediate result instead. That keeps the passwords secure on the
server side (but not, of course, on the client side, where the
intermediate result is just another way to say "plain text password").
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 2 09:34:42 2005