[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Passswords not encrypted

From: Joseph Mocker <mock+svn_at_fakebelieve.org>
Date: 2007-06-13 15:27:48 CEST

I don't see how encrypted passwords would help anyways. If I could get
to your svn.simple folder, I could probably just copy the files to my
svn.simple folder and masquerade as you.

What would be nice is an "ssh-agent" type of capability for subversion.
Where one could authenticate once for a session, and the agent would
keep track of the authentication/password. When authentication is
needed, subversion would query the agent first.

  --joe

Michael Wechner wrote:
> Giulio Troccoli wrote:
>
>> I have just found out something that I'm not sure it's right.
>>
>> I have been using Subversion for a while now, with Apache and its
>> password system, i.e. htpasswd. The passwords in the Apache files are
>> encrypted and that's fine of course.
>>
>> In the .subversion/auth/svn.simple subdirectory of a user's home
>> directory (on AIX) there is one file per repository, and the passwords
>> in these files are not encrypted.
>>
>> Could someone tell me why it is so? Is it possible to encrypt those too?
>> If not, is there a way to not have non-encrypted passwords anywhere?
>>
>>
>
> http://subversion.tigris.org/faq.html#plaintext-passwords
>
> HTH
>
> Michael
>
>> Giulio
>>
>>
>> Linedata Services (UK) Ltd
>> Registered Office: Bishopsgate Court, 4-12 Norton Folgate, London, E1
>> 6DB
>> Registered in England and Wales No 3027851 VAT Reg No 778499447
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>> For additional commands, e-mail: users-help@subversion.tigris.org
>>
>>
>>
>>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jun 13 15:28:26 2007

This is an archived mail posted to the Subversion Users mailing list.