On 7/4/06, Nico Kadel-Garcia <nkadel@comcast.net> wrote:
>
> ----- Original Message -----
> From: "Erik Huelsmann" <ehuels@gmail.com>
> To: "Nico Kadel-Garcia" <nkadel@comcast.net>
> Cc: "Garrett Rooney" <rooneg@electricjellyfish.net>; "Ulrich Eckhardt"
> <eckhardt@satorlaser.com>; <users@subversion.tigris.org>
> Sent: Tuesday, July 04, 2006 2:59 AM
> Subject: Re: Configuration recommendations in a heterogenous Linux
> environment?
>
>
> > On 7/4/06, Nico Kadel-Garcia <nkadel@comcast.net> wrote:
>
> >> Is it? Good! But it's still plain-text storage, and that's still
> >> unforgivable.
> >
> > On Windows, the password store is protected by the encryption scheme
> > which decrypts once you're logged in, so the situation has improved
> > quite a bit.
> >
> > There's also built in support for Keychain on the mac to encrypt
> > passwords.
> >
> > but: if you don't trust your OS (after you configured it correctly and
> > securely), the OP is right, you should not be using it...
>
> Erik, I was talking about the server side. It's a ghods-awful approach to
> keep software passwords floating around in plain text, for any system. The
> server administrator *should not* in general know user's passwords.
Well, it's a weak defense, but CVS for example uses ROT13... Not much
protection of your passwords. BTW: How do you suppose those passwords
get into the password file? I'd say you need a server admin for that
anyway?
bye,
Erik.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 5 07:40:55 2006