Re: [PATCH] Obfuscate auth info

From: Peter Samuelson <peter_at_p12n.org>
Date: 2006-10-18 15:35:50 CEST

[Fernandes, Filipe (Bolton)]
> But having said that, it's still an issue for me and it's not far
> enough that passwords are simply base64 encoded. Better, but not
> nearly as good as if they were encrypted.

How do you propose to encrypt the passwords?

Do you want subversion to ask you for a password so it can decrypt your
other password? Sounds a bit absurd to me - I mean, in that case, why
bother to store the password at all? You should instead look at the
'store-passwords = no' setting in ~/.subversion/config.

So, this is the sort of facility that belongs somewhere _outside_
subversion. What you really want is for subversion to be able to
interface with an OS facility for secure password management....

Amazingly, subversion already does this! At least, it does if you use
a platform that includes such a facility, namely Mac OS X or Windows
NT. Password management glue for your favorite non-Windows, non-OS X
system would, I'm sure, be welcome.

application/pgp-signature attachment: Digital signature

Received on Wed Oct 18 15:36:23 2006

This message: [ Message body ]
Next message: Fernandes, Filipe (Bolton): "RE: [PATCH] Obfuscate auth info"
Previous message: Fernandes, Filipe (Bolton): "RE: [PATCH] Obfuscate auth info"
In reply to: Fernandes, Filipe (Bolton): "RE: [PATCH] Obfuscate auth info"
Next in thread: Alex Holst: "Re: [PATCH] Obfuscate auth info"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]