[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository Passwords are in clear text?

From: Gerco Ballintijn <Gerco.Ballintijn_at_cwi.nl>
Date: 2005-11-18 00:01:14 CET

Gale, David wrote:

>Dimitri Papadopoulos-Orfanos wrote:
>>>Very good point, and a large part of why I feel the svn client should
>>>allow the end-user to change their passwords on svnserve'd
>>>repositories. (I posted more of my reasons earlier in this thread,
>>>and so far, at least, no one has put forward any reasons this
>>>shouldn't happen...)
>>Have you filed an issue? I'd certainly vote for it.
>>It would be nice to be able to change passwords not only with svnserve
>>but also with Apache servers (in the latter case this would probably
>>not work in the general case, but it would be nice if it could at
>>least work with basic password files).
>Opened issue #2445.

This sound much easier than it is. To prevent password snooping, the
or its hash needs to be privately transported (i.e., using a encrypted
Furthermore, since there is no a priori trusted connection between
client and
server, you probably need to use some form public key cryptography
(e.g., ssl).
Which gets you into the whole certificate business.

Which begs the question, why not use ssl for authentication itself?


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 18 00:03:05 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.