Re: Repository Passwords are in clear text?

From: Paul Koning <pkoning_at_equallogic.com>
Date: 2005-11-18 01:20:34 CET

>>>>> "Gerco" == Gerco Ballintijn <Gerco.Ballintijn@cwi.nl> writes:

>> Opened issue #2445.
>>
>> http://subversion.tigris.org/issues/show_bug.cgi?id=2445

Gerco> This sound much easier than it is. To prevent password
Gerco> snooping, the password or its hash needs to be privately
Gerco> transported (i.e., using a encrypted link). Furthermore,
Gerco> since there is no a priori trusted connection between client
Gerco> and server, you probably need to use some form public key
Gerco> cryptography (e.g., ssl). Which gets you into the whole
Gerco> certificate business.

Gerco> Which begs the question, why not use ssl for authentication
Gerco> itself?

Or ssh, of course, which is already available!

paul

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 18 01:22:26 2005

This message: [ Message body ]
Next message: JF.Jodouin_at_acecomm.com: "RE: Integrating subversion & apache on Linux Red Hat"
Previous message: Witham, Michael S. NAVAIR: "Merging question"
In reply to: Gerco Ballintijn: "Re: Repository Passwords are in clear text?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]