[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Obfuscate auth info

From: Alex Holst <a_at_mongers.org>
Date: 2006-10-18 19:12:07 CEST

Quoting C. Michael Pilato (cmpilato@collab.net):
> > None of this will stop attackers. And, while the change may indeed stop
> > users from complaning, you'll simply end up with security professionals,
> > like me, complaining that subversion "tricks" users into not
> > investigating alternatives to plain text passwords.
>
> Did you miss the part of the patch which writes the following to each
> auth storage file?

No, I read it. I don't feel it changes my argument. Users will still
think they are more "secure" because they can't read the password, so
they think others can't either.

Please don't commit this change.

-- 
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow.                http://a.mongers.org 
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 18 19:12:41 2006

This is an archived mail posted to the Subversion Dev mailing list.