[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: dont-save-plaintext-passwords-by-default branch done (2nd try)

From: Stefan Sperling <stsp_at_elego.de>
Date: Thu, 1 May 2008 14:19:38 +0200

On Wed, Apr 30, 2008 at 08:52:21PM +0200, Arfrever Frehtes Taifersar Arahesis wrote:
> What is the behavior wrt empty passwords?
> IMHO they should be stored plaintextly without prompting.

Why?

We want to make people aware when Subversion can only store
passwords in plaintext in their setup, regardless of the strength
of their password. Having a special case like this does not help
us achieve that goal.

Also, an "empty" password arguably means the password is
'hit the enter key', so it can still be considered a password,
albeit a ridiculously weak one. Why should we assume that all
people always want Subversion to store this password in plaintext?

-- 
Stefan Sperling <stsp_at_elego.de>                    Software Monkey
 
German law requires the following banner :(
elego Software Solutions GmbH                            HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12        Tel:  +49 30 23 45 86 96 
13355 Berlin                              Fax:  +49 30 23 45 86 95
http://www.elego.de                               CEO: Olaf Wagner
 
Store password unencrypted (yes/no)? No

  • application/pgp-signature attachment: stored
Received on 2008-05-01 14:17:52 CEST

This is an archived mail posted to the Subversion Dev mailing list.