[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository Passwords are in clear text?

From: Jim Correia <jim.correia_at_pobox.com>
Date: 2005-11-11 20:41:03 CET

On Nov 11, 2005, at 11:10 AM, Leon Zandman wrote:

> I think it would be better to not store passwords, but only their
> hashes

In order to not send the cleartext password (or re-usable token,
which would be equivalent) over the network, svnserve needs the local
password in cleartext. (The current implementation uses cram-md5
challenge response.)

The whole issue of passwords and svnserve has been hashed out *many*
times before. While we certainly won't be able to avoid it again
(though it would be nice) please check the wealth of information
already in the archives.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 11 20:44:44 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.