Re: Repository Passwords are in clear text?

From: Mark Parker <mark_at_msdhub.com>
Date: 2005-11-16 00:15:33 CET

Scott Palmer wrote:
> Ultimately yes. I was only solving the issue of easily readable
> plaintext passwords. So, for example the administrator could look at
> the file without accidentally reading the private passwords of the users.
>
> Scott

That's what I'm saying... you didn't solve it. All you did was turn the
easily readable plaintext passwords into something longer and harder to
remember. If the administrator wanted to do something with your account,
all he needs do is comment out the line that says "the_password =
hash(the_password)" in the client and recompile. If the administrator
wouldn't do that because he's trustworthy, then why not leave
easily-readable passwords in the file?

A false sense of security is worse than no security.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 16 00:22:09 2005

This message: [ Message body ]
Next message: Deepak Balasubramaniam: "Help needed regarding mod_dav_svn module"
Previous message: Maurizio de Pascale: "Re: Repository Passwords are in clear text?"
In reply to: Scott Palmer: "Re: Repository Passwords are in clear text?"
Next in thread: Gavin Lambert: "RE: Repository Passwords are in clear text?"
Reply: Gavin Lambert: "RE: Repository Passwords are in clear text?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]