Re: Repository Passwords are in clear text?

From: Jim Correia <jim.correia_at_pobox.com>
Date: 2005-11-11 20:41:03 CET

On Nov 11, 2005, at 11:10 AM, Leon Zandman wrote:

> I think it would be better to not store passwords, but only their
> hashes

In order to not send the cleartext password (or re-usable token,
which would be equivalent) over the network, svnserve needs the local
password in cleartext. (The current implementation uses cram-md5
challenge response.)

The whole issue of passwords and svnserve has been hashed out *many*
times before. While we certainly won't be able to avoid it again
(though it would be nice) please check the wealth of information
already in the archives.

Jim

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 11 20:44:44 2005

This message: [ Message body ]
Next message: Paul Koning: "Re: Repository Passwords are in clear text?"
Previous message: Stewart Gordon: "Persistent 400 Bad Request errors for some repositories"
In reply to: Leon Zandman: "RE: Repository Passwords are in clear text?"
Next in thread: Paul Koning: "Re: Repository Passwords are in clear text?"
Reply: Paul Koning: "Re: Repository Passwords are in clear text?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]