Hello, Sorry, I was not subscribed before I sent this message, I'm more used to forums and other kind of software than mailing lists, so excuse my lack of netiquette in this aspect. I put the same email subject and history in here hoping the mailing list software will catch up with it.
About the project I wanted to announce here, I don't know what kind of discussion is Branko talking about, but anything else is better than plaintext passwords, even if it's a simple base64 cipher (which in my case is Rijndael). It's curious how someone invests time in making something useful for the community gets such a bad reception, nice way to welcome someone, heh. Anyways, I hope it ends up being useful for someone who doesn't mind having a little bit of security, even if it's through "obscurity" or whatever you're talking about... - DARKGuy --- From: Branko ÄŒibej <brane_at_wandisco.com> Date: Fri, 29 Aug 2014 15:31:18 +0200 On 29.08.2014 15:04, DARKGuy . wrote: > Hey all :) > > I'm really proud to announce a small app I wrote located here -> > https://github.com/darkguy2008/SVNEncryptedAuth <- that will hook into > the svnserve.exe process and encrypt the passwords located in the > "passwd" file, while making it use a temporary file with the plaintext > passwords on access (deleted almost immediately for security). > > This is made so the passwords don't get stored in plaintext but with > some sort of encryption. I don't know why this wasn't planned in the > release of that app, since we all know plaintext passwords are BAD and > SASL is a pain to set up under Windows (also, not portable since it > requires registry keys) and since I don't want to go with the hassle > of downloading the source code and compiling the whole thing, > developing an IAT hook patch was easier to do. > > I hope you guys like the project and becomes useful for anyone here. > > Comments & suggestions welcome, thanks! > - DARKGuy Do we really have to go through the whole "security through obscurity" discussion again? -- Brane -- Branko ÄŒibej | Director of Subversion WANdisco | Realising the impossibilities of Big Data e. brane_at_wandisco.com
