[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials security

From: Andy Levy <andy.levy_at_gmail.com>
Date: Wed, 2 Sep 2009 06:42:31 -0400

On Wed, Sep 2, 2009 at 04:20, Becker, Alexander<alb_at_compugroup.com> wrote:
> what happens when I enter my username + password in tortoisesvn to
> authenticate at a repository? Is the password send over the network or only
> a hash of it?

Depends upon what protocol you use to access the server, and how the
authentication has been configured on the server.

> When I save them in tortoise what will be saved? The password or a hash?

It's encrypted via the Windows crypto API.

> The repository itself has a normal http:// address and the credentials are
> checked against our active directory somehow, but I don’t know how it is set
> up exactly.

As long as your server is set up for Digest authentication and not
Basic, the password isn't in the clear.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2390125

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-09-02 12:42:47 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.