Karl Fogel wrote:
> The weakness of the current way is not lack of simplicity or
> comprehensibility. It's that it stores plaintext on disk (albeit
> permission-protected). We've never claimed this is ideal; it was a
> conscious trade-off. I think any part of your suggestions that can
> purely improve the situation will be welcome. To the extent that you
> propose different trade-offs, that may or may not fly, I can't say how
> it will turn out.
>
Whether or not to store passwords at all, and whether there's a better
way, is a larger discussion.
However, once you've chosen to store passwords, they should at least be
obscured from casual viewing. Even if it's just Base64-encoded, that's
better than plaintext passwords. At least it requires a positive step
to decode the password, which won't happen by accident. An
administrator could stumble across the plaintext password by accident,
compromising the password unintentionally. No, it's no more secure from
an attacker, but it's still an improvement.
Deven
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-22 21:26:10 CET