Re: proposal: config option to prevent password storage

From: Karl Fogel <kfogel_at_newton.ch.collab.net>
Date: 2002-09-23 06:11:00 CEST

"Barry Scott" <barry.alan.scott@ntlworld.com> writes:
> I would put this more strongly. You must default to a policy
> of being secure.
>
> I do not trust myself or my users to remember to block this
> security hole reliably.

With `http basic' authentication, worrying about plaintext passwords
being stored on the client side has got to be some kind of joke -- the
things are flying over the net in cleartext too. Therefore I think
the current default is fine :-).

A repository that's doing some truly cryptographically secure method
of authentication presumably isn't storing stuff in plaintext on the
client side anyway.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Sep 23 06:35:15 2002

This message: [ Message body ]
Next message: David Kimdon: "[PATCH]: fix segfault on user error"
Previous message: Karl Fogel: "Re: [PATCH] implement "svn relocate", a subcommand for frobbing the wc's urls."
In reply to: Barry Scott: "RE: proposal: config option to prevent password storage"
Next in thread: Robert Schiele: "Re: proposal: config option to prevent password storage"
Reply: Robert Schiele: "Re: proposal: config option to prevent password storage"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]