Re: Looking for Subversion server-side SSH key manager



Stachu 'Dozzie' K. wrote:

OK. How then would you like to use it in svn protocol or with HTTPS with
basic authentication?

By letting the server hash the received password. Basic authentication is a different issue. It isn't an easy task, I admit. This is one of the reasons I use SVN over SSH.

Subversion must be
able to read it. If the password is encrypted in any way, Subversion
must ask user for decryption key. Otherwise everything could be stored
as plain text, since "encryption with publicly known key" is no
encryption at all.
What do you think something like PGP uses?

You mean, protecting password with password? You would end up with
prompting user for password for each checkin/checkout. Situation similar
to not storing password at all.

No, by using public key authentication. The same thing for example SSH uses.

"Windows password storage", whatever are you talking
about, is affected exactly by the same facts. It's just a matter of
reading appropriate object from the system.
Windows stores passwords hashed.

What passwords does Windows store hashed? Passwords to websites (IE)?
Passwords to e-mail (OE, MSO)? Or what else? Or maybe you're talking
about passwords to user's system accounts, what is slightly different
from Subversion as the password doesn't need to be sent anywhere just
after getting it from the user?

I'm talking about system accounts. Storing passwords in plain is a bad thing.



Igmar
