[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve passwd plaintext

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-07-15 13:43:41 CEST

gmu 2k6 wrote:
> is there no way to use crypt(), md5(), hashXY(), bcrypt() for password
> enrires in the passwd file when using svnserve? using mod_dav_svn or
> tunneling svn via SSH is no option right now.
> if there really is no way I might fall back to writing a passwd
> management tool which works with base64 passwords but of course writes
> them debase64'ed into passwd. this way at I would have to actievely
> take a peek at passwd to see the passwords.

I've been growsing about that: some folks made it clear that the
communication over svnserver to handle passwords is actually encrypted, but
I loathe having plain-text passwords lyng around.

Instead, I use HTTPS/mod_dav_svn access, which can use .htaccess and other
user authentication techniques, and svnperms.conf and svnperms.py to control
user-based read/write/update permissions. Then you can use webmin, htpasswd,
or other similar tools to edit individual .htaccess accounts.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Jul 15 13:44:24 2006

This is an archived mail posted to the Subversion Users mailing list.