Greg Hudson wrote:
>(2) The safety of the password over the net is totally orthogonal to the
>safety of the password as stored on the client (or server). We already
>have a decent story there.
Well of course, and I never claimed otherwise.
>>Nobody uses CVS passwords because it is so insecure. Instead, most
>>people run CVS via ssh which does not store passwords. It's not a fair
>>comparison.
>But you can use svn over ssh too. It's almost exactly the same story,
>and it's a perfectly fair comparison.
It's not a question of what you can do, it's a question of what the
default use case is. I'm saying that because CVS has such a long history
of security holes, most admins stay away from pserver and use ssh
instead when using an insecure network, and that makes the comparison
that CVS stores passwords unfair. Subversion has a much better
reputation and because of the nice security mechanisms it gets from its
use of Apache httpd, ssh tunneling is not really needed in most cases,
and a comparison with ssh would be a lot more relevant.

It would be a much better situation if Subversion did not cache
passwords by default, and that you could either enable caching by
editing the config file, or make it cache the passwords it learns from a
single session by running something like "svn co --store-passwords".
It's secure by default, and it's also easy to understand and to
document. It's often the admin that cares if the users store their
passwords or not, and right now the admin has to instruct all users to
edit their config files (which is not only platform dependent but also
difficult and error prone for non-programmers). It's a much better
situation if the admin can just tell the users not to store their passwords.
/Tobias
Received on Tue Jan 4 14:36:25 2005