[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Configuration recommendations in a heterogenous Linux environment?

From: Erik Huelsmann <ehuels_at_gmail.com>
Date: 2006-07-04 08:59:57 CEST

On 7/4/06, Nico Kadel-Garcia <nkadel@comcast.net> wrote:
> Garrett Rooney wrote:
> > On 7/3/06, Nico Kadel-Garcia <nkadel@comcast.net> wrote:
> >> Ulrich Eckhardt wrote:
> >>
> >>> - svnserve is dead easy to setup and offers some basic
> >>> authentication.
> >>
> >> As much as I like Subversion, I consider svnserve one of its great
> >> flaws. Svnserve does not allow storage of encrypted passwords, only
> >> plaintext, and relies on plaintext transmission of those passwords.
> >
> > Uhh, that's pure bullshit, the transmission of the passwords is via
> > CRAM-MD5, it is never sent over the wire as plaintext. Please
> > investigate these things before you form an opinion. The storage of
> > passwords is plainext, but their transmission is not.
>
> Is it? Good! But it's still plain-text storage, and that's still
> unforgivable.

On Windows, the password store is protected by the encryption scheme
which decrypts once you're logged in, so the situation has improved
quite a bit.

There's also built in support for Keychain on the mac to encrypt passwords.

but: if you don't trust your OS (after you configured it correctly and
securely), the OP is right, you should not be using it...

HTH,

Erik.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jul 4 09:01:40 2006

This is an archived mail posted to the Subversion Users mailing list.