On 7/4/06, Nico Kadel-Garcia <nkadel@comcast.net> wrote:
> Garrett Rooney wrote:
> > On 7/3/06, Nico Kadel-Garcia <nkadel@comcast.net> wrote:
> >> Ulrich Eckhardt wrote:
> >>
> >>> - svnserve is dead easy to setup and offers some basic
> >>> authentication.
> >>
> >> As much as I like Subversion, I consider svnserve one of its great
> >> flaws. Svnserve does not allow storage of encrypted passwords, only
> >> plaintext, and relies on plaintext transmission of those passwords.
> >
> > Uhh, that's pure bullshit, the transmission of the passwords is via
> > CRAM-MD5, it is never sent over the wire as plaintext. Please
> > investigate these things before you form an opinion. The storage of
> > passwords is plainext, but their transmission is not.
>
> Is it? Good! But it's still plain-text storage, and that's still
> unforgivable.
On Windows, the password store is protected by the encryption scheme
which decrypts once you're logged in, so the situation has improved
quite a bit.
There's also built in support for Keychain on the mac to encrypt passwords.
but: if you don't trust your OS (after you configured it correctly and
securely), the OP is right, you should not be using it...
HTH,
Erik.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 4 09:01:40 2006