[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: passwords in subversion

From: <kfogel_at_collab.net>
Date: 2004-12-13 18:13:49 CET

Ben Collins-Sussman <sussman@collab.net> writes:
> Agreed. But rather than implement a whole new (almost identical)
> authn system, why not just have svnserve store the user-db with a
> trivial scramble. It solves the same "over the shoulder" problem,
> with a lot less work.

We will then get lots of posts saying "Do you realize your server-side
password encryption is totally insecure?" (As happened with CVS, to a

Of course, our answer will be "Yes, we know that." But if the point
is to avoid stimulating these posts, I'm not sure that moving from
plaintext to trivial-scrambling is going to be effective.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Dec 13 18:16:55 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.