[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: passwords in subversion

From: Jim Correia <jim.correia_at_pobox.com>
Date: 2004-12-11 21:57:03 CET

On Dec 11, 2004, at 2:46 PM, Ben Collins-Sussman wrote:

> Hey Ben Reser -- do you believe me now? Rainer is repeating what I've
> heard over and over: that despite making a file chmod 700, users
> still complain about the fact that "everyone who passes" by the screen
> can read them. This is why I continue to advocate even *trivial*
> ciphering like rot13. I'm tired of hearing this complaint.\

Perhaps an alternative or additional solution is to ship a script - say
svnpasswd - that can manage the password file like htpasswd does. The
admin could still open up and see all the passwords this way, but it
gives a way to manage user passwords without opening up the file and
having to see all the passwords.

I'm not going to do anything malicious with my users' passwords, and
they know that. But people being what they are, tend to reuse passwords
and I'd rather avoid even having to see their passwords if I could.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Dec 11 21:58:17 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.