[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Any progress with svnserve.conf encryption? (was: Re: using (or coding support for) encrypted passwords)

From: Dave_Thomas mailing lists <davelist_at_peoplemerge.com>
Date: 2006-12-05 23:51:36 CET

Hi,

I see recent active discussions. Has a SASL-enabled server been
implemented?

Alternatives won't seem to work for us. Svn+ssh will add performance
overhead for large binary transactions. Httpd has proven less effective due
to timeouts with very large transactions.

Dave

 From: Malcolm Rowe
<malcolm-svn-dev_at_farside.org.uk<malcolm-svn-dev_at_farside.org.uk?Subject=Re:%20using%20%28or%20coding%20support%20for%29%20encrypted%20passwords>>

Date: 2006-10-27 01:53:47 CEST

On Mon, Oct 23, 2006 at 11:55:56AM +0200, Alexis Huxley wrote:
*> > > Is there any way to use encrypted passwords in <repo>/conf/passwd *
*> > > instead of plaintext? *
*> And for the server side? Is any reason for not encrypting the passwords *
*> there? If not, is this something planned? Is it a bite-size problem? *
*> *

This is partly the same as the client problem -- there's no global
Keychain-like service that we can rely on.

Additionally, though we could use {ROT13, CryptoAPI, Keychain} storage
on the server side, we'd need a utility to manage those passwords.

The 'right' answer might well be to use a SASL-enabled server - you can
then use whatever secure password storage that you have available.

Regards,
Malcolm
Received on Tue Dec 5 23:51:50 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.