[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

using (or coding support for) encrypted passwords

From: Alexis Huxley <ahuxley_at_gmx.net>
Date: 2006-10-20 16:07:04 CEST

Is there any way to use encrypted passwords in <repo>/conf/passwd
instead of plaintext?

Secondly, is there any way for the server (apache+mod_dav_svn and
svnserve) to 'force' the client not to cache svn:// and http://
repo access passwords in plaintext?

(Clearly a user could install their own client, so perhaps the word
'force' should be 'ask' instead.)

If either of these are not possible, then ...

Are these even desirable features? If not, then why not?

And if they are desirable, then could someone please offer pointers
to the places that need to be changed? I would guess as a minimum:

        - client side: after reading password from tty, write it
          encrypted to ~/.subversion

        - server side: after reading the plain text password passed
          across the network, encrypt and compare with the (encrypted)
          passwd in <repo>/conf/passwd

        - both sides: add support for some sort of
          I-already-authenticated-myself mechanism akin to CVS's

I am aware svn+ssh:// and https:// not storing plain text passwords,
but in preliminary performance tests, we see that svn is somewhat
faster than http is a lot faster than svn+ssh is somewhat faster than
https; speed may be one of the criteria critical to user acceptance
for this migration project.

I've searched tigris/issues/book/google and also asked on the 'user'
list but not turned up anything.

Any advice appreciated! Thanks!

Alexis Huxley

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Oct 20 16:07:31 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.