
Re: plaintext passwords - my 0.02c

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2006-07-20 02:17:53 CEST

On 7/19/06, Mark Ryan <mark.p.ryan@gmail.com> wrote:

> Can I keep this password stored in an encrypted format? Does anyone else
> see this as an issue??

Yes and no. On Windows (or Mac OS X in Subversion 1.4) we can use
operating system specific means to store the passwords, which keeps
them encrypted. On Unix there are no such facilities provided. So if
we were going to encrypt the file then we'd need you to give us a
passphrase or something to decrypt it, which is really sort of
defeating the purpose. Alternatively we could use the same technique
CVS uses (scramble the password in some deterministic manner), but
that's not gonna solve your problem either, because anyone who gets
the file can just reverse the procedure (just like svn would when it
needed the password). For CVS the password is just rot13 encoded,
which is about as unprotected as you can get...

-garrett

Received on Thu Jul 20 02:26:55 2006
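
The trade-off described in the message above, as an added example that is not part of the original mail or of Subversion's or CVS's code: a keyless deterministic scramble (rot13, the scheme the post describes) is reversed from the stored value alone, while passphrase-based protection keeps the file useless on its own but needs the passphrase at every use. The function names, the sample password and the PBKDF2/HMAC construction are assumptions chosen for illustration, not a vetted storage format.

```python
import codecs
import hashlib
import hmac
import os

def scramble(password: str) -> str:
    """Keyless, deterministic scrambling (rot13, as the post describes)."""
    return codecs.encode(password, "rot13")

def unscramble(stored: str) -> str:
    # Needs nothing but the stored value: rot13 is its own inverse,
    # so the client and anyone else holding the file do the same thing.
    return codecs.decode(stored, "rot13")

def _derive(passphrase: str, salt: bytes, n: int):
    # Stretch the passphrase, then split into a MAC key and an n-byte keystream.
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, 32 + n)
    return out[:32], out[32:]

def seal(password: str, passphrase: str) -> bytes:
    """Illustrative passphrase-based protection (assumed construction)."""
    data = password.encode()
    salt = os.urandom(16)  # fresh salt per stored password
    mac_key, stream = _derive(passphrase, salt, len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct

def unseal(blob: bytes, passphrase: str) -> str:
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    mac_key, stream = _derive(passphrase, salt, len(ct))
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted file")
    return bytes(a ^ b for a, b in zip(ct, stream)).decode()

if __name__ == "__main__":
    pw = "s3cret-Pass"  # constructed sample value
    stored = scramble(pw)
    print("scrambled on disk:", stored, "| recovered with no secret:", unscramble(stored))
    blob = seal(pw, "user passphrase")
    print("sealed on disk:", blob.hex())
    print("recovered only with the passphrase:", unseal(blob, "user passphrase"))
```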

This is an archived mail posted to the Subversion Users mailing list.
