[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Moving away from plain-text passwords in the server-side passwd file

From: Jeff Robins <jeffrobinssae_at_gmail.com>
Date: Wed, 21 May 2008 21:27:53 -0700

On Wednesday 21 May 2008 10:11:52 am Eric Gillespie wrote:
> "Mark Phippard" <markphip_at_gmail.com> writes:
> > mechanisms we support. It would be doable to write code that
> > validates a username and password received from a client, but for
> > this to work those have to be sent in the clear over the network.
> > Those options are turned off in Subversion. Our docs say it is
> > because we do not use TLS. If the server does not know the
> > plaintext password
>
> We need TLS support, absolutely. This would have been a nice
> summer of code project ;->.
>

How hard does anyone think it would it be to add TLS, maybe an
estimation in "man-hours"? I am willing to spend some time on it, but
I don't know how fast I could get it done. My free time is limited per
day, but I hopefully have a lot of days left in my life.

> > I am basically saying we need to be clear what you can actually do
> > with SASL today.
>
> Sounds like we're in agreement, cool.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-22 06:28:08 CEST

This is an archived mail posted to the Subversion Dev mailing list.