Re: RFC: Encrypting ~/.subversion/auth on Windows

From: <kfogel_at_collab.net>
Date: 2004-11-15 17:25:52 CET

Branko Èibej <brane@xbc.nu> writes:
> Er, pray tell, how is this different from storing cleartext passwords
> on the server, as we're doing now? If client and server both start
> with the same hash, it's as if the hash were the cleartext password.

The benefit is that if the hash gets compromised, at least the
person's real (plaintext) password isn't revealed -- so if they're
using that same password for other systems, then at least those
systems have not been compromised.

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Nov 15 19:22:46 2004

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: svn commit: r11909 - in trunk/subversion: include libsvn_client libsvn_ra_dav libsvn_ra_local libsvn_ra_svn libsvn_repos mod_dav_svn svnserve"
Previous message: Peter N. Lundblad: "Re: [PATCH] Gettext support for svnserve"
In reply to: Branko Èibej: "Re: RFC: Encrypting ~/.subversion/auth on Windows"
Next in thread: Branko ÄŒibej: "Re: RFC: Encrypting ~/.subversion/auth on Windows"
Reply: Branko ÄŒibej: "Re: RFC: Encrypting ~/.subversion/auth on Windows"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]