Re: passwords in subversion

From: Jim Correia <jim.correia_at_pobox.com>
Date: 2004-12-11 21:57:03 CET

On Dec 11, 2004, at 2:46 PM, Ben Collins-Sussman wrote:

> Hey Ben Reser -- do you believe me now? Rainer is repeating what I've
> heard over and over: that despite making a file chmod 700, users
> still complain about the fact that "everyone who passes" by the screen
> can read them. This is why I continue to advocate even *trivial*
> ciphering like rot13. I'm tired of hearing this complaint.\

Perhaps an alternative or additional solution is to ship a script - say
svnpasswd - that can manage the password file like htpasswd does. The
admin could still open up and see all the passwords this way, but it
gives a way to manage user passwords without opening up the file and
having to see all the passwords.

I'm not going to do anything malicious with my users' passwords, and
they know that. But people being what they are, tend to reuse passwords
and I'd rather avoid even having to see their passwords if I could.

Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Dec 11 21:58:17 2004

This message: [ Message body ]
Next message: Stefan Seefeld: "Re: RFE: a flag to 'svn checkin' to set a user defined revision property"
Previous message: David James: "[RFC] If bindings are enabled, install them with standard 'install' target"
In reply to: Ben Collins-Sussman: "Re: passwords in subversion"
Next in thread: Martin A. Brooks: "Re: passwords in subversion"
Reply: Martin A. Brooks: "Re: passwords in subversion"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]