[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: proposal: config option to prevent password storage

From: Robert Schiele <rschiele_at_uni-mannheim.de>
Date: 2002-09-23 09:04:05 CEST

On Sun, Sep 22, 2002 at 11:11:00PM -0500, Karl Fogel wrote:
> "Barry Scott" <barry.alan.scott@ntlworld.com> writes:
> > I would put this more strongly. You must default to a policy
> > of being secure.
> >
> > I do not trust myself or my users to remember to block this
> > security hole reliably.
>
> With `http basic' authentication, worrying about plaintext passwords
> being stored on the client side has got to be some kind of joke -- the
> things are flying over the net in cleartext too. Therefore I think
> the current default is fine :-).

Note that there exist http daemons with ssl encryption for some
years. Even apache is capable doing that.

Robert

-- 
Robert Schiele			Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker	mailto:rschiele@uni-mannheim.de

  • application/pgp-signature attachment: stored
Received on Mon Sep 23 09:06:05 2002

This is an archived mail posted to the Subversion Dev mailing list.