Re: svnserve password store in clear text

From: Benjamin Pflugmann <benjamin-svn-dev_at_pflugmann.de>
Date: 2004-06-03 20:58:37 CEST

On Thu 2004-06-03 at 14:39:53 +0800, Ng, Wey Han wrote:
> > Also, it stops administrators from seeing the password accidentally.
> > E.g. I run a small SVN server at my company, but I'm not a proper
> > system administrator. Users want to use the same password for the
> > SVN server as for the network. However, users don't want me to know
> > their password, and I actively don't want to know their passwords.
> > With the current system I have to see all their passwords - if the
> > system used a password hash then users could just send me that hash.
>
> This is exactly my concern when I raise the issue. Although I have already
> written a shell script as a cgi script to make password changes over the web
> interface, rather than getting the user to send me the hash. I have found
> that getting the user to send me the hash reduces the comfort feeling for the
> user.
>
> > Although theoretically I might be able to use a brute-force or
> > dictionary attack against their password, I'm not going to.
> > (Even reversible encryption/obfuscation on the password would meet
> > this goal).
>
> Yeah. Same here. BTW, how did you manage to read my mind so completely? :)

That means, simply base64 encoding would do for you?

Bye,

        Benjamin.

Received on Thu Jun 3 21:01:19 2004

This is an archived mail posted to the Subversion Dev mailing list.
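
As an added example (not part of the original mail, and not Subversion code), the sketch below contrasts the two options discussed in the thread: base64 obfuscation, which only prevents accidental viewing, and a salted hash that a user can generate and send to the administrator. The PBKDF2 scheme, the entry format and the function names are assumptions for illustration, and it assumes the server receives the password at login so it can recompute the hash.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch


def obfuscate(password):
    """Reversible encoding: hides the password from a casual glance only."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def deobfuscate(stored):
    """Anyone who can read the password file recovers the password in one step."""
    return base64.b64decode(stored).decode("utf-8")


def make_hash_entry(password, salt=None):
    """Run by the user; only the returned line is sent to the administrator."""
    if salt is None:
        salt = os.urandom(16)  # per-user salt, so equal passwords give different entries
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2-sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify(password, entry):
    """Run by the server: recompute from the stored salt, compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = entry.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed entry: reject rather than crash
    if scheme != "pbkdf2-sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    stored = obfuscate(pw)
    print("obfuscated:", stored, "-> recovered:", deobfuscate(stored))
    entry = make_hash_entry(pw)
    print("hash entry:", entry)
    print("right password:", verify(pw, entry), "| wrong password:", verify("guess", entry))
```

The hashed entry still permits the dictionary attack mentioned in the quoted text; the salt and iteration count only raise its cost.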