[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository Passwords are in clear text?

From: Paul Koning <pkoning_at_equallogic.com>
Date: 2005-11-18 01:20:34 CET

>>>>> "Gerco" == Gerco Ballintijn <Gerco.Ballintijn@cwi.nl> writes:

>> Opened issue #2445.
>>
>> http://subversion.tigris.org/issues/show_bug.cgi?id=2445

 Gerco> This sound much easier than it is. To prevent password
 Gerco> snooping, the password or its hash needs to be privately
 Gerco> transported (i.e., using a encrypted link). Furthermore,
 Gerco> since there is no a priori trusted connection between client
 Gerco> and server, you probably need to use some form public key
 Gerco> cryptography (e.g., ssl). Which gets you into the whole
 Gerco> certificate business.

 Gerco> Which begs the question, why not use ssl for authentication
 Gerco> itself?

Or ssh, of course, which is already available!

   paul

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 18 01:22:26 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.