Re: encrypted <repo>/conf/passwd? coming soon/easy to implement?

From: Marcus Rueckert <darix_at_web.de>
Date: 2006-10-26 12:41:59 CEST

On 2006-10-26 10:00:26 +0000, Alexis Huxley wrote:
> On 2006-10-23, Alexis Huxley <ahuxley@gmx.net> wrote:
>
> > ... for the server side ... Is any reason for not encrypting the passwords
> > there? If not, is this something planned? Is it a bite-size problem?
>
> Nobody answered this so I thought I'd just give the thread a little
> poke before I block svn:// access.
>
> Is this something planned or easy to implement?

if you are already worried about the server side. do you know that
passwords are stored on the client side in plain text too?

even for http(s) based access. only svn+ssh doesnt suffer from that.

the explaination is pretty simple: CRAM-MD5 as used in the svn://
protocol requires the plain text password on both sides. but on the
other hand it gives you secure password transport on the wire. without
the need of SSL/TLS.

hope this helps

darix

-- 
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Thu Oct 26 12:44:59 2006

This message: [ Message body ]
Next message: Malcolm Rowe: "Cygwin test failures"
Previous message: Kamesh Jayachandran: "Re: [PATCH][MERGE-TRACKING] Step 4 of recording copyfrom info in mergeinfo during a repos to repos copy"
In reply to: Alexis Huxley: "encrypted <repo>/conf/passwd? coming soon/easy to implement?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]