[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] don't store plain-text passwords by default

From: Stefan Sperling <stsp_at_elego.de>
Date: Mon, 21 Apr 2008 02:34:28 +0200

On Mon, Apr 21, 2008 at 01:46:52AM +0200, Martin Furter wrote:
> This "don't store plain-text" patch will just annoy the users and everyone
> will go back to the old behaviour. Additionally those loud security people
> will continue complaining because the problem isn't solved.

One point I forgot:

You are not defining "the problem" which should be solved.

I don't know what problem you are thinking of exactly, but
this is the problem I want to solve with the branch I'm
working on (quoting myself from another mail in this thread):

  The goal is to make sure that as many people as possible are
  instantly made aware of how bad the current situation regarding
  password caching on Linux/*BSD really is the minute they start
  using Subversion, so they can act accordingly.
  The patch aims to help to achieve that particular goal, nothing else.

This description about the problem is in isolation from all the
new crypto stuff we're adding or planning to add, which will
change the "current" situation quite a bit. But the plaintext
case will not go away, so we need sane behaviour for it.


Stefan Sperling <stsp_at_elego.de>                    Software Monkey
German law requires the following banner :(
elego Software Solutions GmbH                            HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12        Tel:  +49 30 23 45 86 96 
13355 Berlin                              Fax:  +49 30 23 45 86 95
http://www.elego.de                               CEO: Olaf Wagner
Store password unencrypted (yes/no)? No

  • application/pgp-signature attachment: stored
Received on 2008-04-22 10:41:23 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.