[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository Passwords are in clear text?

From: Paul Koning <pkoning_at_equallogic.com>
Date: 2005-11-11 20:50:43 CET

>>>>> "Jim" == Jim Correia <jim.correia@pobox.com> writes:

 Jim> On Nov 11, 2005, at 11:10 AM, Leon Zandman wrote:
>> I think it would be better to not store passwords, but only their
>> hashes

 Jim> In order to not send the cleartext password (or re-usable token,
 Jim> which would be equivalent) over the network, svnserve needs the
 Jim> local password in cleartext. (The current implementation uses
 Jim> cram-md5 challenge response.)

There are ways to avoid that, as in SRP for example. Then again,
there are patent issues that make that problematic for GPL code...


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 11 20:52:40 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.