Re: Can svnserve read an encrypted password file?

From: Paul Koning <Paul_Koning_at_dell.com>
Date: Thu, 28 Aug 2008 12:42:56 -0400

>>>>> "vinay" == vinay <vinay.indresh_at_gmail.com> writes:

vinay> Hi All I was wondering if it is possible to keep the password
vinay> file in an encrypted format. This would help in maintaining
vinay> the passwords securely.

The client needs the plaintext password, so it would have to decrypt
the password if it's stored encrypted, which means it needs to know
the key, which means someone could read that key out of the client.
So encrypting adds no security -- that's why the option isn't there.

More precisely, encryption would mislead some people into believing
there is security when there isn't, which is worse than not having
encryption.

paul

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-08-28 18:43:52 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Re: Can svnserve read an encrypted password file?"
Previous message: Tom Browder: "Re: How to Determine Repository File System Type"
In reply to: vinay i: "Can svnserve read an encrypted password file?"
Next in thread: Stefan Sperling: "Re: Can svnserve read an encrypted password file?"
Reply: Stefan Sperling: "Re: Can svnserve read an encrypted password file?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]