[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve password store in clear text

From: Mark Benedetto King <mbk_at_lowlatency.com>
Date: 2004-06-03 16:47:44 CEST

On Thu, Jun 03, 2004 at 12:02:32PM +0800, Ng, Wey Han wrote:
>
> I have a proposal. Here goes:
>
> In the libsvn_ra_svn library the compute_digest (in cram.c) function the

Your suggestion boils down to "have svn treat the secret as if it were
really MD5(secret)".

If the problem you're trying to solve is one of people not liking their
favorite plaintext passwords to exist in files on the svn server, why
not just have them generate hashes of their plaintext passwords and
send you those? You can put those in the password file (or write a
CGI program to do it).

They enter that hash rather than their plaintext password the one time
that svn asks them for it, and voila, everything works.

As an added benefit, they can use whatever hash function they want!

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jun 3 17:24:58 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.