Re: Repository Passwords are in clear text?

From: Ryan Schmidt <subversion-2005_at_ryandesign.com>
Date: 2005-11-16 14:03:15 CET

On Nov 16, 2005, at 00:35, Gavin Lambert wrote:

> I think Apache's .htpasswd files are a good compromise here.
> Passwords
> are stored in base64, which is of course easily reversible, but it
> means
> that a casual glance doesn't reveal passwords. You actually have to
> open the file with the intent to extract passwords to do so.

Just to set the record straight about Apache: .htpasswd files do not
use base64 encoding. They use md5 hashing by default on Windows,
Netware and TPF, and crypt encryption on all other operating systems,
or you can also use sha hashing. None of these are reversible.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 16 14:05:33 2005

This message: [ Message body ]
Next message: Andy Levy: "Re: Subversion with VB6?"
Previous message: Gale, David: "RE: Re: 2nd+ co too slow"
In reply to: Gavin Lambert: "RE: Repository Passwords are in clear text?"
Next in thread: Greg Thomas: "Re: Repository Passwords are in clear text?"
Reply: Greg Thomas: "Re: Repository Passwords are in clear text?"
Reply: Gavin Lambert: "RE: Repository Passwords are in clear text?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]