Branko Čibej <brane@xbc.nu> wrote on 06/03/2004 06:15:42 PM:
> Mark Benedetto King wrote:
>
> >On Thu, Jun 03, 2004 at 12:02:32PM +0800, Ng, Wey Han wrote:
> >
> >
> >>I have a proposal. Here goes:
> >>
> >>In the libsvn_ra_svn library the compute_digest (in cram.c) function the
> >>
> >>
> >
> >Your suggestion boils down to "have svn treat the secret as if it were
> >really MD5(secret)".
> >
> >If the problem you're trying to solve is one of people not liking their
> >favorite plaintext passwords to exist in files on the svn server, why
> >not just have them generate hashes of their plaintext passwords and
> >send you those? You can put those in the password file (or write a
> >CGI program to do it).
> >
> >They enter that hash rather than their plaintext password the one time
> >that svn asks them for it, and voila, everything works.
> >
> >As an added benefit, they can use whatever hash function they want!
> >
> >
> That doesn't mean a thing, you know. Anyone who can read the "hashed"
> password can still spoof the user id -- since it's not actually hashed,
> it's just a weird-looking plain text password.
>
True, but the issue as stated, by at least 2 people, was simply that the
administrator did not want to be able to see the users' passwords in plain
text nor have to make the users give him their passwords in plain text.
The hash idea is a simple solution to that problem and does not require
any coding changes :)
If someone wants a higher degree of security then they can use Apache and
SSL or I suppose SSH+SVN. If we recreate all of that in svnserve it will
wind up being harder to set up than Apache and the code will be a lot more
difficult to maintain.
I realize you were not necessarily advocating that any changes be made.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jun 4 02:33:14 2004
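The point Branko and Mark are arguing over can be checked directly: in CRAM-MD5 the server-side value is the HMAC key, so whatever is written in the password file (the plaintext password, or MD5(password) under the proposal) is exactly what a client needs to answer the challenge. The following Python is an added illustration, not Subversion's code; the challenge format, the `authenticate`/`stored_value_suffices` helpers and the sample user are constructed for the example, and only the HMAC-MD5 challenge/response shape matches the protocol.

```python
import hashlib
import hmac
import secrets


def make_challenge() -> bytes:
    """Server-side nonce. Constructed format; svnserve's real challenge layout is not reproduced."""
    return b"<" + secrets.token_hex(8).encode() + b"@example>"


def password_file_entry(password: str, hashed_scheme: bool) -> bytes:
    """Value the administrator stores for a user.

    hashed_scheme=False: the plain password (what svnserve's CRAM-MD5 needs today).
    hashed_scheme=True:  MD5(password) in hex, the 'treat the secret as MD5(secret)' proposal.
    """
    if hashed_scheme:
        return hashlib.md5(password.encode()).hexdigest().encode()
    return password.encode()


def client_secret(password: str, hashed_scheme: bool) -> bytes:
    """Key the genuine client derives from what the user typed; by construction
    it must equal the stored entry, which is the whole point of the thread."""
    return password_file_entry(password, hashed_scheme)


def cram_md5_response(username: str, key: bytes, challenge: bytes) -> str:
    """Client side: prove possession of the key without sending it."""
    digest = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def server_verify(stored: dict, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC from the stored entry and compare in constant time."""
    username, _, digest = response.partition(" ")
    key = stored.get(username)
    if key is None:
        return False
    expected = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def authenticate(stored: dict, username: str, key: bytes) -> bool:
    """Run one full challenge/response exchange with the given client key."""
    challenge = make_challenge()
    return server_verify(stored, challenge, cram_md5_response(username, key, challenge))


def stored_value_suffices(stored: dict, username: str) -> bool:
    """Administrator's check before adopting a 'hashed' password file: does the
    file's contents alone satisfy the verifier? True means the file holds a
    password equivalent, regardless of what the entry looks like."""
    return authenticate(stored, username, stored[username])


if __name__ == "__main__":
    for hashed in (False, True):
        store = {"alice": password_file_entry("hunter2", hashed)}  # constructed sample user
        print(f"hashed_scheme={hashed}: entry={store['alice']!r}")
        print("  genuine client:", authenticate(store, "alice", client_secret("hunter2", hashed)))
        print("  wrong password:", authenticate(store, "alice", client_secret("wrong", hashed)))
        print("  file value alone suffices:", stored_value_suffices(store, "alice"))
```

Under both schemes the genuine client authenticates, the wrong password is rejected, and the stored entry by itself passes verification, which is the property that makes the "hashed" entry a weird-looking plaintext password rather than a hash in the sense an administrator wants. What the exchange does buy is that the key never crosses the wire; protecting the file itself is a separate problem, which is why the thread points at Apache with SSL or SSH as the route to stronger guarantees.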