[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: plaintext passwords - my 0.02c

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2006-07-20 02:17:53 CEST

On 7/19/06, Mark Ryan <mark.p.ryan@gmail.com> wrote:

> Can I keep this password stored in an encrypted format? Does anyone else
> see this as an issue??

Yes and no. On windows (or Mac OS X in Subversion 1.4) we can use
operating system specific means to store the passwords, which keeps
them encrypted. On unix there are no such facilities provided. So if
we were going to encrypt the file then we'd need you to give us a
passphrase or something to decrypt it, which is really sort of
defeating the purpose. Alternatively we could use the same technique
CVS uses (scramble the password in some deterministic manner), but
that's not gonna solve your problem either, because anyone who gets
the file can just reverse the procedure (just like svn would when it
needed the password). For CVS the password is just rot13 encoded,
which is about as unprotected as you can get...

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jul 20 02:26:55 2006

This is an archived mail posted to the Subversion Users mailing list.