[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: passwords in subversion

From: Branko Čibej <brane_at_xbc.nu>
Date: 2005-03-02 09:25:09 CET

Ben Reser wrote:

>However, the client side problem is much trickier. In order for caching
>to work with all authentication protocols we must cache the plaintext
>password.
>
>
You don't actually have to store the plaintext on either the client or
the server if you're doing CRAM-MD5, which svnserve does; you can store
an intermediate result instead. That keeps the passwords secure on the
server side (but not, of course, on the client side, where the
intermediate result is just another way to say "plain text password").

-- Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 2 09:34:42 2005

This is an archived mail posted to the Subversion Dev mailing list.