On Wed, 23 Aug 2023 at 06:32, Channakeshavala, Sriharsha <s.channakeshav...@sap.com> wrote:
> Thanks for the quick response.
>
> Subversion credential cache is something that is done on the client side.
>
> But we have an issue storing plain text passwords in the “passwd” on the
> server side.
>
> Could you please suggest on it.

I assume you use plain svnserve (i.e., the URL starts with svn://). In that case I don't think it is possible to protect the passwords.

You could switch to mod_svn (in this case the password is hashed) or use svnserve over SSH (in which case the user is authenticated by the SSH server).

See the SVN book for a detailed description of the different options: https://svnbook.red-bean.com/nightly/en/svn.serverconfig.html

Kind regards,
Daniel Sahlberg

> Your help will be much appreciated.
>
> Thanks,
> Sriharsha
>
> *From:* Daniel Sahlberg <daniel.l.sahlb...@gmail.com>
> *Sent:* 22 August 2023 16:44
> *To:* Channakeshavala, Sriharsha <s.channakeshav...@sap.com>
> *Cc:* users@subversion.apache.org
> *Subject:* Re: “passwd” file stores plain text passwords - how to protect it
>
> On Tue, 22 Aug 2023 at 13:00, Channakeshavala, Sriharsha via users
> <users@subversion.apache.org> wrote:
>
> Hello,
>
> Since the “passwd” file stores plain text passwords, it is vulnerable for
> the SVN users.
>
> We have not compiled the subversion 1.14.2 with “cyrus SASL” library and
> hence cannot use SASL authentication mechanisms.
>
> Could you please suggest any other alternative to secure the passwd file?
>
> The following FAQ article on the Subversion website should probably answer
> your questions: https://subversion.apache.org/faq.html#plaintext-passwords
>
> Please note that for Subversion 1.12 until 1.14 the default was to disable
> the plaintext password cache. In Subversion 1.15 the plaintext password
> cache will again be enabled by default.
>
> Kind regards,
> Daniel
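
To find which repositories still depend on the server-side plain-text password file before moving them to one of the options in the reply above, each repository's conf/ directory can be audited. This is an added example, not part of the thread or of Subversion itself; it assumes the standard svnserve.conf layout with `password-db` under `[general]`, and the function names and sample users are made up for illustration.

```python
import configparser
import os
import stat
import tempfile


def _read_ini(path):
    # Usernames are case-sensitive and passwords may contain '%',
    # so disable key lowercasing and value interpolation.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str
    cfg.read(path)
    return cfg


def audit_repo_conf(conf_dir):
    """Report whether a repository's conf/ directory uses a plain-text password-db."""
    report = {"plaintext_db": False, "users": 0, "readable_by_others": False}
    cfg = _read_ini(os.path.join(conf_dir, "svnserve.conf"))
    db = cfg.get("general", "password-db", fallback=None)
    if not db:
        return report  # svnserve's built-in password file is not configured
    # password-db is resolved relative to the conf/ directory unless absolute.
    db_path = db if os.path.isabs(db) else os.path.join(conf_dir, db)
    if not os.path.isfile(db_path):
        return report
    users = _read_ini(db_path)
    report["plaintext_db"] = True
    # Count entries only; the passwords themselves are never returned or printed.
    report["users"] = len(users["users"]) if users.has_section("users") else 0
    mode = stat.S_IMODE(os.stat(db_path).st_mode)
    report["readable_by_others"] = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return report


def build_sample_conf(mode=0o644):
    """Create a constructed conf/ directory with made-up users (sample data)."""
    conf_dir = tempfile.mkdtemp(prefix="svn-conf-")
    with open(os.path.join(conf_dir, "svnserve.conf"), "w") as f:
        f.write("[general]\nanon-access = none\nauth-access = write\n"
                "password-db = passwd\n")
    db_path = os.path.join(conf_dir, "passwd")
    with open(db_path, "w") as f:
        f.write("[users]\nalice = example-only-1\nBob = 100%example\n")
    os.chmod(db_path, mode)
    return conf_dir


if __name__ == "__main__":
    print(audit_repo_conf(build_sample_conf()))
```

Until a flagged repository is migrated, restricting the passwd file to the account that runs svnserve limits who can read it, but the passwords remain in clear text on disk.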