On Aug 30, 2006, at 21:23, Jim Weir wrote:
>>>> Basically, you just add usernames and password for the users that
>>>> need to use the product.
>>>
>>> Is this password being sent plain text?
>>
>> Over the wire, some type of CRAM-MD5 is used, so the plain-text
>> password is not sent over the network. It is stored in plain text
>> on the server hard disk, as you see.
>
> Is this a potential security risk? How can I avoid this?

Some will consider this a security risk. To avoid it, don't use
svnserve by itself. Use svn+ssh, or https with one of the several
available Apache password verification systems, such as LDAP. Even
just a boring Apache .htpasswd file is encrypted.
Received on Wed Aug 30 22:56:42 2006
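
The challenge-response trade-off discussed in this thread, as an added example that is not part of the original messages and is not Subversion's code. It assumes RFC 2195 style CRAM-MD5 (HMAC-MD5 over a server challenge), not svnserve's exact wire format; the account, hostname and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample account (not from the thread).
PLAINTEXT_STORE = {"alice": "s3cret-example"}
# The same account kept only as a one-way hash, as a hashed password file would.
HASHED_STORE = {u: hashlib.sha256(p.encode()).hexdigest()
                for u, p in PLAINTEXT_STORE.items()}


def make_challenge(hostname="svn.example.org"):
    """Server: fresh random challenge for every login attempt."""
    return "<%s@%s>" % (os.urandom(16).hex(), hostname)


def client_response(username, password, challenge):
    """Client: send HMAC-MD5(key=password, msg=challenge), never the password."""
    mac = hmac.new(password.encode(), challenge.encode(), hashlib.md5)
    return "%s %s" % (username, mac.hexdigest())


def server_verify(response, challenge, store):
    """Server: recompute the HMAC using whatever secret it has on disk."""
    username, _, digest = response.partition(" ")
    secret = store.get(username)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5)
    return hmac.compare_digest(expected.hexdigest().encode(), digest.encode())


if __name__ == "__main__":
    challenge = make_challenge()
    response = client_response("alice", "s3cret-example", challenge)
    print("on the wire:", challenge, "->", response)
    # Plain-text store: the server can rebuild the same HMAC.
    print("plain-text store accepts:", server_verify(response, challenge, PLAINTEXT_STORE))
    # Hashed store: the stored value is the wrong HMAC key, so a correct login fails.
    print("hashed store accepts:   ", server_verify(response, challenge, HASHED_STORE))
    # A captured response is useless against a new challenge.
    print("replay accepted:        ", server_verify(response, make_challenge(), PLAINTEXT_STORE))
```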