Re: [TSVN] How can I avoid having the password stored as plain text

From: C William Underwood <cwillu_at_sasktel.net>
Date: 2004-06-18 00:44:57 CEST

SteveKing wrote:
> The problem is the key!
> Subversion would have to hardcode the encryption key too (or ask the
> user for one upon install).

That's more along the lines of what I would want. Encrypt the password,
and ask the user once per session/login for that password. Of course,
if we're only dealing with one password at a time, then you can drop the
whole 'storing to disk' thing and stick with the session-persistent
password.

Now, about being more secure than the operating system, there's a reason
why boot disks are useful. :) My point being that if you're storing
something sensitive, why is the user put in charge of knowing how to
protect it? Kinda like asking "Hey, User123, how do I encrypt something
on your system?" during installation, rather than asking the OS, or just
encrypting it yourself. But again, this is really a svn issue :p

--cwillu

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Jun 18 09:09:36 2004

This message: [ Message body ]
Next message: Thamm, Russell: "[TSVN] Moving Directories stuffs Update"
Previous message: Steve Williams: "Re: [TSVN] Build time : 1 hour 20 min"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]