You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Maurizio de Pascale <md...@dii.unisi.it> on 2005/11/11 10:01:58 UTC
Repository Passwords are in clear text?
Hi everybody,
I'm just setting up a svn repository to be used from the internet and
noticed that the /conf/passwd file contains passwords in clear text!
This is very bad as it forces people to choose a password knowing that
other guys could eventually read it.
Is there a way to change this behavior and force "CVS-like" storing of
passwords?
Thanks,
Maurizio de Pascale
mdepascale@dii.unisi.it
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Repository Passwords are in clear text?
Posted by Damir Shayhutdinov <da...@tecon.ru>.
On Fri, Nov 11, 2005 at 11:01:58AM +0100, Maurizio de Pascale wrote:
> Hi everybody,
> I'm just setting up a svn repository to be used from the internet and
> noticed that the /conf/passwd file contains passwords in clear text!
> This is very bad as it forces people to choose a password knowing that
> other guys could eventually read it.
> Is there a way to change this behavior and force "CVS-like" storing of
> passwords?
I suppose the most secure way is to use svn over SSH, with public key
authentiŃation, and ssh-agent for storing passwords for private keys on
client side. Or, in Windows, plink and pageant programs from PuTTY
package can be used as transport and secure authentication.
--
WBR,
Damir Shayhutdinov
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Repository Passwords are in clear text?
Posted by Duncan Murdoch <su...@murdoch-sutherland.com>.
On 11/11/2005 5:01 AM, Maurizio de Pascale wrote:
> Hi everybody,
> I'm just setting up a svn repository to be used from the internet and
> noticed that the /conf/passwd file contains passwords in clear text!
> This is very bad as it forces people to choose a password knowing that
> other guys could eventually read it.
> Is there a way to change this behavior and force "CVS-like" storing of
> passwords?
This is an FAQ, addressed here:
http://subversion.tigris.org/faq.html#plaintext-passwords
I agree with you that the CVS-like lightweight password hiding would be
nice, but I haven't got around to submitting a patch...
Duncan Murdoch
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org