Re: subversion reveals passwords

From: David Glasser <glasser_at_davidglasser.net>
Date: Sun, 6 Apr 2008 23:18:00 -0700

On Sun, Apr 6, 2008 at 11:12 PM, <ghudson_at_mit.edu> wrote:
> 4. Given that users are going to store
> their Subversion passwords on disk one way or another, you would be
> much better off assigning them randomly and treating them like a web
> hosting provider treats database passwords: a shared secret between
> the client and server apps.

btw, folks might be interested in this:

http://gvn.googlecode.com/svn/trunk/contrib/userdb/

Lets you maintain a simple directory-structured database of passwords
and automatically regenerate users' password (if it gets leaked, say);
there is Apache authorization plugin and a Cyrus SASL plugin (for
svnserve 1.5).

--dave

-- 
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

Received on 2008-04-07 08:18:11 CEST

This message: [ Message body ]
Next message: Duncan Booth: "RE: subversion reveals passwords"
Previous message: ghudson_at_MIT.EDU: "Re: subversion reveals passwords"
In reply to: ghudson_at_MIT.EDU: "Re: subversion reveals passwords"
Next in thread: Duncan Booth: "RE: subversion reveals passwords"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]