Hello,
Since the “passwd” file stores plain text passwords, it is vulnerable for the SVN users.
We have not compiled the subversion 1.14.2 with “cyrus SASL” library and hence cannot use SASL authentication mechanisms.
Could you please suggest any other alternative to secure the passwd file ?
Thanks & Regards,
Sriharsha
On Tue, 22 Aug 2023 17:38:12 +0200, Bo Berglund <bo.be...@gmail.com> wrote:
>On Tue, 22 Aug 2023 13:14:25 +0200, Daniel Sahlberg
><daniel.l...@gmail.com> wrote:
>
>>Please note that for Subversion 1.12 until 1.14 the default was to disable
>>the plaintext password cache. In Subversion 1.15 the plaintext password
>>cache will again be enabled by default.
>
>I am using svn a lot on raspberry pi devices and I have now checked the current
>version on one of them:
>
>$ svn --version
>svn, version 1.14.1 (r1886195)
> compiled Apr 5 2022, 23:23:59 on arm-unknown-linux-gnueabihf
>
>So in order to get back the file cache again I need a version update, right?
>
>Does anyone know when Debian will move ahead to 1.15?
>PiOS is based on Debian, so I guess it will be guided by that...
>
>Or is it possible to force a version update via apt?
Forgot to say that PiOS ia version bullseye at the moment...
Thanks for the quick response.
Subversion credential cache is something that is done on the client side.
But we have an issue storing plain text passwords in the “passwd” on the server side.
Could you please suggest on it.
Your help will be much appreciated.
Thanks,
Sriharsha
From: Daniel Sahlberg <daniel.l...@gmail.com>
Sent: 22 August 2023 16:44
To: Channakeshavala, Sriharsha <s.channa...@sap.com>
Cc: us...@subversion.apache.org
Subject: Re: “passwd” file stores plain text passwords - how to protect it
You don't often get email from daniel.l...@gmail.com. Learn why this is important
Thanks for the quick response.
Subversion credential cache is something that is done on the client side.
But we have an issue storing plain text passwords in the “passwd” on the server side.
Could you please suggest on it.
Your help will be much appreciated.
Thanks,
Sriharsha
From: Daniel Sahlberg <daniel.l...@gmail.com>
Sent: 22 August 2023 16:44
To: Channakeshavala, Sriharsha <s.channa...@sap.com>
Cc: us...@subversion.apache.org
Subject: Re: “passwd” file stores plain text passwords - how to protect it
You don't often get email from daniel.l...@gmail.com. Learn why this is important |
Den tis 22 aug. 2023 kl 13:00 skrev Channakeshavala, Sriharsha via users <us...@subversion.apache.org>: