Re: [PATCH] Obfuscate auth info

From: Alex Holst <a_at_mongers.org>
Date: 2006-10-18 19:12:07 CEST

Quoting C. Michael Pilato (cmpilato@collab.net):
> > None of this will stop attackers. And, while the change may indeed stop
> > users from complaning, you'll simply end up with security professionals,
> > like me, complaining that subversion "tricks" users into not
> > investigating alternatives to plain text passwords.
>
> Did you miss the part of the patch which writes the following to each
> auth storage file?

No, I read it. I don't feel it changes my argument. Users will still
think they are more "secure" because they can't read the password, so
they think others can't either.

Please don't commit this change.

-- 
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow.                http://a.mongers.org 
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed Oct 18 19:12:41 2006

This message: [ Message body ]
Next message: Daniel Rall: "Re: svn commit: r22012 - trunk/subversion/tests/cmdline"
Previous message: Asbjørn Pettersen: "commit.c suggestion"
In reply to: C. Michael Pilato: "Re: [PATCH] Obfuscate auth info"
Next in thread: Justin Erenkrantz: "Re: [PATCH] Obfuscate auth info"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]