[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: subversion reveals passwords

From: David Glasser <glasser_at_davidglasser.net>
Date: Sun, 6 Apr 2008 23:18:00 -0700

On Sun, Apr 6, 2008 at 11:12 PM, <ghudson_at_mit.edu> wrote:
> 4. Given that users are going to store
> their Subversion passwords on disk one way or another, you would be
> much better off assigning them randomly and treating them like a web
> hosting provider treats database passwords: a shared secret between
> the client and server apps.

btw, folks might be interested in this:


Lets you maintain a simple directory-structured database of passwords
and automatically regenerate users' password (if it gets leaked, say);
there is Apache authorization plugin and a Cyrus SASL plugin (for
svnserve 1.5).


David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-07 08:18:11 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.