On Jan 9, 2010, at 11:04 AM, Ron Aaron wrote:

> I didn't see an option, perhaps it's not even on the list of requests... but
> when I look at the 'user' table, the user's password is stored in cleartext.
>
> Having my fossil file on a shared server, this makes me a bit nervous. Anyone
> who has access to that file can read all the user passwords.
>
> It would be trivial to change the password stored to sha1(login+pw). In that
> case it would also be difficult to hack, since different users with the same
> password would have wildly different values saved in the user table.
There is a trade-off. You can store a cryptographic checksum of the password in the user table. But then the password has to be sent in the clear with each HTTP request. Or you can store the cleartext password in the user table and send a cryptographic checksum of the password in the HTTP request. I went with the latter because to break it you must hack a specific server. With the former, any packet sniffer on the internet can get the password.

There is another option: Drop HTTP support altogether and force HTTPS for everything.

Note that even with option 3 (HTTPS for everything) you still store passwords on the client side to enable auto-sync.

D. Richard Hipp
d...@hwaci.com

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
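The trade-off in the reply above, as an added example that is not Fossil's own code and not part of the original thread: option 1 stores sha1(login+pw) in the user table and sends the password itself over HTTP; option 2 stores the cleartext password and sends sha1(nonce+pw). The script plays both against a "sniffer" (who sees only what crosses the wire) and a "file thief" (who reads the user table). The class names, the single-use nonce handling and the sample credentials are my own assumptions; SHA-1 appears only because the thread discusses sha1().

```python
"""Toy model of the two password storage/transport options from the thread.

Added example, not Fossil's code. SHA-1 is used only because the thread
talks about sha1(); a real design would use a slow, salted password hash.
"""
import hashlib
import secrets


def sha1_hex(s: str) -> str:
    return hashlib.sha1(s.encode()).hexdigest()


# ---- Option 1: table holds sha1(login + pw); the wire carries the password ----
class HashStoreServer:
    def __init__(self):
        self.users = {}  # login -> sha1(login + pw)

    def add_user(self, login, pw):
        self.users[login] = sha1_hex(login + pw)

    def login(self, login, pw_in_clear):
        # The client had to send pw_in_clear; a sniffer sees it verbatim.
        return self.users.get(login) == sha1_hex(login + pw_in_clear)


# ---- Option 2: table holds the password; the wire carries sha1(nonce + pw) ----
class ClearStoreServer:
    def __init__(self):
        self.users = {}      # login -> cleartext pw (assumed layout)
        self.issued = set()  # nonces handed out and not yet used (my assumption)

    def add_user(self, login, pw):
        self.users[login] = pw

    def issue_nonce(self):
        n = secrets.token_hex(16)
        self.issued.add(n)
        return n

    def login(self, login, nonce, signature):
        if nonce not in self.issued:   # unknown or already-used nonce: reject
            return False
        self.issued.discard(nonce)     # each nonce is good for one attempt
        pw = self.users.get(login)
        return pw is not None and signature == sha1_hex(nonce + pw)


def client_sign(nonce, pw):
    # What the client puts on the wire under option 2.
    return sha1_hex(nonce + pw)


def run_scenarios(login="alice", pw="correct horse"):
    """Constructed credentials; returns what each attacker position yields."""
    results = {}

    # Option 1: a sniffer captures (login, pw); a file thief gets only a digest.
    s1 = HashStoreServer()
    s1.add_user(login, pw)
    wire1 = (login, pw)
    results["opt1_login_ok"] = s1.login(*wire1)
    results["opt1_sniffer_gets_password"] = wire1[1] == pw
    results["opt1_db_leak_is_password"] = s1.users[login] == pw

    # Option 2: a sniffer captures (login, nonce, digest); the file thief gets pw.
    s2 = ClearStoreServer()
    s2.add_user(login, pw)
    nonce = s2.issue_nonce()
    wire2 = (login, nonce, client_sign(nonce, pw))
    results["opt2_login_ok"] = s2.login(*wire2)
    results["opt2_sniffer_gets_password"] = pw in wire2
    results["opt2_replay_ok"] = s2.login(*wire2)            # nonce already consumed
    fresh = s2.issue_nonce()
    results["opt2_reuse_digest_ok"] = s2.login(login, fresh, wire2[2])
    results["opt2_db_leak_is_password"] = s2.users[login] == pw
    return results


if __name__ == "__main__":
    for k, v in run_scenarios().items():
        print(f"{k}: {v}")
```

Two things the booleans do not show but a practitioner should keep in mind: under option 2 the captured sha1(nonce+pw) is still open to an offline dictionary attack on a weak password, since the sniffer knows the nonce; and a server can also store a digest and have the client sign with that digest, which keeps the raw password off both the wire and the table, at the cost that the stored digest becomes a password-equivalent for that one server. Neither point is made in the thread; both follow from the constructions above.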