Posted to dev@subversion.apache.org by "DARKGuy ." <da...@gmail.com> on 2014/08/29 15:04:53 UTC

C# SVN Encrypted Authentication wrapper for Windows and svnserve.exe

Hey all :)

I'm really proud to announce a small app I wrote located here ->
https://github.com/darkguy2008/SVNEncryptedAuth <- that will hook into
the svnserve.exe process and encrypt the passwords located in the
"passwd" file, while making it use a temporary file with the plaintext
passwords on access (deleted almost immediately for security).

This is made so the passwords don't get stored in plaintext but with
some sort of encryption. I don't know why this wasn't planned in the
release of that app, since we all know plaintext passwords are BAD and
SASL is a pain to set up under Windows (also, not portable since it
requires registry keys) and since I don't want to go with the hassle
of downloading the source code and compiling the whole thing,
developing an IAT hook patch was easier to do.

I hope you guys like the project and that it becomes useful for anyone here.

Comments & suggestions welcome, thanks!
- DARKGuy

Re: C# SVN Encrypted Authentication wrapper for Windows and svnserve.exe

Posted by Branko Čibej <br...@wandisco.com>.
On 29.08.2014 15:04, DARKGuy . wrote:
> Hey all :)
>
> I'm really proud to announce a small app I wrote located here ->
> https://github.com/darkguy2008/SVNEncryptedAuth <- that will hook into
> the svnserve.exe process and encrypt the passwords located in the
> "passwd" file, while making it use a temporary file with the plaintext
> passwords on access (deleted almost immediately for security).
>
> This is made so the passwords don't get stored in plaintext but with
> some sort of encryption. I don't know why this wasn't planned in the
> release of that app, since we all know plaintext passwords are BAD and
> SASL is a pain to set up under Windows (also, not portable since it
> requires registry keys) and since I don't want to go with the hassle
> of downloading the source code and compiling the whole thing,
> developing an IAT hook patch was easier to do.
>
> I hope you guys like the project and that it becomes useful for anyone here.
>
> Comments & suggestions welcome, thanks!
> - DARKGuy


Do we really have to go through the whole "security through obscurity"
discussion again?

-- Brane


-- 
Branko Čibej | Director of Subversion
WANdisco | Realising the impossibilities of Big Data
e. brane@wandisco.com