Re: passwords in subversion

From: <kfogel_at_collab.net>
Date: 2004-12-13 18:13:49 CET

Ben Collins-Sussman <sussman@collab.net> writes:
> Agreed. But rather than implement a whole new (almost identical)
> authn system, why not just have svnserve store the user-db with a
> trivial scramble. It solves the same "over the shoulder" problem,
> with a lot less work.

We will then get lots of posts saying "Do you realize your server-side
password encryption is totally insecure?" (As happened with CVS, to a
degree.)

Of course, our answer will be "Yes, we know that." But if the point
is to avoid stimulating these posts, I'm not sure that moving from
plaintext to trivial-scrambling is going to be effective.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Dec 13 18:14:43 2004

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: [RFC] If bindings are enabled, install them with standard 'install' target"
Previous message: kfogel_at_collab.net: "Re: Subversion's use of Berkeley DB [#11511]"
In reply to: Ben Collins-Sussman: "Re: passwords in subversion"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]