On Sunday 10 January 2010 13:32:31 Twylite wrote:
> Hi,
...
> Cryptographically this is equivalent to sending a cleartext password
> over HTTP and storing a hash of the password.

Yes, you are correct that from the standpoint of someone intercepting wire traffic, such a person can still log in. However, that person will *not* have intercepted the password itself, which is what I and others were concerned about. In the current scenario, the password used by the user is neither stored on the remote server nor sent on the wire. Otherwise, the protocol is the same as before in terms of overall security.

> The only way to solve this problem - securing both the wire and the
> server storage - is to move to a more advanced cryptographic protocol
> (preferably asymmetric crypto).

That was one reason I suggested the possibility of allowing the option of a 'whitelist' of GPG keys, against which potential checkin manifests could be checked. That doesn't prevent a malicious user from logging in as someone else, but it does prevent such a person from (easily) compromising the source repository.

--
For privacy, my GPG key signature is: AD29415D
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
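The trade-off discussed in this message, modelled as an added example that is not part of the original email and is not Fossil's code: the hash sent in place of the password is accepted on replay, while the password itself appears neither on the wire nor in server storage. The SHA-256 `user:password` derivation, the `Server` class and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def client_token(user: str, password: str) -> str:
    """Value the client sends in place of the password (assumed derivation)."""
    return hashlib.sha256(f"{user}:{password}".encode()).hexdigest()


class Server:
    """Hypothetical server that stores and compares only the client-side hash."""

    def __init__(self) -> None:
        self._tokens: dict[str, str] = {}

    def register(self, user: str, token: str) -> None:
        self._tokens[user] = token

    def login(self, user: str, token: str) -> bool:
        stored = self._tokens.get(user)
        return stored is not None and hmac.compare_digest(stored, token)


def run_scenario() -> dict[str, bool]:
    password = "correct horse battery staple"  # constructed sample value
    server = Server()
    server.register("alice", client_token("alice", password))

    # Everything an observer of the plain-HTTP login sees (constructed).
    wire = {"user": "alice", "token": client_token("alice", password)}

    return {
        "legitimate_login": server.login("alice", client_token("alice", password)),
        # The captured token is accepted as-is: it is a password equivalent.
        "replayed_token_accepted": server.login(wire["user"], wire["token"]),
        # The password itself is neither on the wire nor in server storage.
        "password_on_wire": password in wire.values(),
        "password_in_storage": password in server._tokens.values(),
        "wrong_password_rejected": not server.login(
            "alice", client_token("alice", "guess")
        ),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```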