Re: passwords in subversion

From: Branko Čibej <brane_at_xbc.nu>
Date: 2005-03-02 09:25:09 CET

Ben Reser wrote:

>However, the client side problem is much trickier. In order for caching
>to work with all authentication protocols we must cache the plaintext
>password.
>
>
You don't actually have to store the plaintext on either the client or
the server if you're doing CRAM-MD5, which svnserve does; you can store
an intermediate result instead. That keeps the passwords secure on the
server side (but not, of course, on the client side, where the
intermediate result is just another way to say "plain text password").

-- Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 2 09:34:42 2005

This message: [ Message body ]
Next message: Molle Bestefich: "Re: Very basic traffic measurement for svnserve?"
Previous message: Branko Čibej: "Re: Very basic traffic measurement for svnserve?"
Next in thread: Ben Reser: "Re: passwords in subversion"
Reply: Ben Reser: "Re: passwords in subversion"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]