[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFA: Encrypting auth info

From: Branko ─îibej <brane_at_xbc.nu>
Date: 2005-02-17 13:07:42 CET

Nicklas Norling wrote:

> Greg Stein wrote:
>
>> On Wed, Feb 16, 2005 at 05:00:27PM +0100, Branko ??ibej wrote:
>>
>>
>>> Justin Erenkrantz wrote:
>>> ...
>>>
>>>
>>>> And, there is the fundamental problem: we have no way of
>>>> guaranteeing cross-platform strong encryption. If Win32 can do
>>>> this, then just add a Win32-only provider. Yet, one API that has
>>>> strong encryption on Win32, but ROT-13 on Unix is incredibly
>>>> dangerous.
>>>>
>>>
>>> Why? I know I said "encrypt the password", but what I really mean is
>>> "handle sensitive data",
>>>
>>
>>
>> Frankly, I'd rather see Neon grow an understanding of how to send an
>> HTML
>> challenge/response. Then SVN could simply use Windows' single sign-on,
>> assuming that Apache was also configured with mod_ntlm or somesuch.
>>
>>
>>
> Is this what you where looking for?
> http://mailman.webdav.org/pipermail/neon/2005-January/001849.html
> /Nicke

Wow. This looks like it, all right. Now if only Apache grew a module
that could handle this on Unix (passing on to an NT domain or ADS server)...

-- Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Feb 17 13:12:46 2005

This is an archived mail posted to the Subversion Dev mailing list.