Re: dont-save-plaintext-passwords-by-default branch done (2nd try)

From: Stefan Sperling <stsp_at_elego.de>
Date: Thu, 1 May 2008 14:19:38 +0200

On Wed, Apr 30, 2008 at 08:52:21PM +0200, Arfrever Frehtes Taifersar Arahesis wrote:
> What is the behavior wrt empty passwords?
> IMHO they should be stored plaintextly without prompting.

Why?

We want to make people aware when Subversion can only store
passwords in plaintext in their setup, regardless of the strength
of their password. Having a special case like this does not help
us achieve that goal.

Also, an "empty" password arguably means the password is
'hit the enter key', so it can still be considered a password,
albeit a ridiculously weak one. Why should we assume that all
people always want Subversion to store this password in plaintext?

-- 
Stefan Sperling <stsp_at_elego.de>                    Software Monkey
 
German law requires the following banner :(
elego Software Solutions GmbH                            HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12        Tel:  +49 30 23 45 86 96 
13355 Berlin                              Fax:  +49 30 23 45 86 95
http://www.elego.de                               CEO: Olaf Wagner
 
Store password unencrypted (yes/no)? No

application/pgp-signature attachment: stored

Received on 2008-05-01 14:17:52 CEST

This message: [ Message body ]
Next message: Mark Phippard: "Re: Svnserve and sasl issues (Win32)"
Previous message: David Glasser: "Re: "svn resolve --accept=mine-full" is not loggy"
Next in thread: Arfrever Frehtes Taifersar Arahesis: "Re: dont-save-plaintext-passwords-by-default branch done (2nd try)"
Reply: Arfrever Frehtes Taifersar Arahesis: "Re: dont-save-plaintext-passwords-by-default branch done (2nd try)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]