Re: svnserve password store in clear text

From: Mark Benedetto King <mbk_at_lowlatency.com>
Date: 2004-06-03 16:47:44 CEST

On Thu, Jun 03, 2004 at 12:02:32PM +0800, Ng, Wey Han wrote:
>
> I have a proposal. Here goes:
>
> In the libsvn_ra_svn library the compute_digest (in cram.c) function the

Your suggestion boils down to "have svn treat the secret as if it were
really MD5(secret)".

If the problem you're trying to solve is one of people not liking their
favorite plaintext passwords to exist in files on the svn server, why
not just have them generate hashes of their plaintext passwords and
send you those? You can put those in the password file (or write a
CGI program to do it).

They enter that hash rather than their plaintext password the one time
that svn asks them for it, and voila, everything works.

As an added benefit, they can use whatever hash function they want!

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jun 3 17:24:58 2004

This message: [ Message body ]
Next message: Mark Phippard: "Re: svnserve password store in clear text"
Previous message: Mark Phippard: "RE: svnserve password store in clear text"
In reply to: Ng, Wey Han: "RE: svnserve password store in clear text"
Next in thread: Mark Phippard: "Re: svnserve password store in clear text"
Reply: Mark Phippard: "Re: svnserve password store in clear text"
Reply: Branko Čibej: "Re: svnserve password store in clear text"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]