[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: C# SVN Encrypted Authentication wrapper for Windows and svnserve.exe

From: DARKGuy . <dark.guy.2008_at_gmail.com>
Date: Fri, 29 Aug 2014 14:20:36 -0430


Sorry, I was not subscribed before I sent this message, I'm more used
to forums and other kind of software than mailing lists, so excuse my
lack of netiquette in this aspect. I put the same email subject and
history in here hoping the mailing list software will catch up with

About the project I wanted to announce here, I don't know what kind of
discussion is Branko talking about, but anything else is better than
plaintext passwords, even if it's a simple base64 cipher (which in my
case is Rijndael).

It's curious how someone invests time in making something useful for
the community gets such a bad reception, nice way to welcome someone,

Anyways, I hope it ends up being useful for someone who doesn't mind
having a little bit of security, even if it's through "obscurity" or
whatever you're talking about...


From: Branko ÄŒibej <brane_at_wandisco.com>
Date: Fri, 29 Aug 2014 15:31:18 +0200
On 29.08.2014 15:04, DARKGuy . wrote:
> Hey all :)
> I'm really proud to announce a small app I wrote located here ->
> https://github.com/darkguy2008/SVNEncryptedAuth <- that will hook into
> the svnserve.exe process and encrypt the passwords located in the
> "passwd" file, while making it use a temporary file with the plaintext
> passwords on access (deleted almost immediately for security).
> This is made so the passwords don't get stored in plaintext but with
> some sort of encryption. I don't know why this wasn't planned in the
> release of that app, since we all know plaintext passwords are BAD and
> SASL is a pain to set up under Windows (also, not portable since it
> requires registry keys) and since I don't want to go with the hassle
> of downloading the source code and compiling the whole thing,
> developing an IAT hook patch was easier to do.
> I hope you guys like the project and becomes useful for anyone here.
> Comments & suggestions welcome, thanks!
> - DARKGuy
Do we really have to go through the whole "security through obscurity"
discussion again?
-- Brane
Branko ÄŒibej | Director of Subversion
WANdisco | Realising the impossibilities of Big Data
e. brane_at_wandisco.com
Received on 2014-08-29 20:51:25 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.