[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: encrypted <repo>/conf/passwd? coming soon/easy to implement?

From: Marcus Rueckert <darix_at_web.de>
Date: 2006-10-26 12:41:59 CEST

On 2006-10-26 10:00:26 +0000, Alexis Huxley wrote:
> On 2006-10-23, Alexis Huxley <ahuxley@gmx.net> wrote:
>
> > ... for the server side ... Is any reason for not encrypting the passwords
> > there? If not, is this something planned? Is it a bite-size problem?
>
> Nobody answered this so I thought I'd just give the thread a little
> poke before I block svn:// access.
>
> Is this something planned or easy to implement?

if you are already worried about the server side. do you know that
passwords are stored on the client side in plain text too?

even for http(s) based access. only svn+ssh doesnt suffer from that.

the explaination is pretty simple: CRAM-MD5 as used in the svn://
protocol requires the plain text password on both sides. but on the
other hand it gives you secure password transport on the wire. without
the need of SSL/TLS.

hope this helps

    darix

-- 
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 26 12:44:59 2006

This is an archived mail posted to the Subversion Dev mailing list.