Re: Moving away from plain-text passwords in the server-side passwd file

On Wed, May 21, 2008 at 11:04 AM, Ben Collins-Sussman
<sussman_at_red-bean.com> wrote:
> On Wed, May 21, 2008 at 2:30 AM, David Glasser <glasser_at_davidglasser.net> wrote:
>
>> See http://svn.collab.net/repos/svn/trunk/notes/sasl.txt for more
>> information on using SASL with svnserve.
>
> I've documented it in the svn 1.5 book as well. Really, the barrier
> to entry isn't very high. :-)
>
> I agree with ghudson and glasser here: I do not want to see
> Subversion start inventing its own half-assed security features. It's
> a waste of energy, a reinvention of the wheel, and a maintenance
> burden. We should use the 'standard library' -- written by security
> experts, depended on by millions -- to do our security.

I also pretty much agree with this. That said, I do think there is a
problem with SASL. We like to portray it as "the answer" to this
question. For example, not to pick on Ben, but you essentially speak
of SASL when you say:

"written by security experts, depended on by millions"

The reality is that you do not have to spend very long really trying
to use Cyrus SASL to see that it is pretty half-assed. In particular
its support for Windows is virtually non-existent. I see know
possibility to use it and allow users to use their existing Windows
domain credentials, which is going to be a pretty common request.

The SASLDB feature works, but from what I read it seems like you have
simply moved your plain text passwords from a text file into a BDB
database. I am not sure if SASL makes any claims on the data in that
file being secure.

So while I think we have done the right thing in not inventing our own
security, I am not sure that SASL is really the answer either.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org