[Ffmpeg-devel] SVN challenge response authentication weaknesses
Sun May 28 00:04:59 CEST 2006
On Sat, May 27, 2006 at 06:04:29PM -0400, Rich Felker wrote:
> On Sat, May 27, 2006 at 01:10:58PM +0200, Attila Kinali wrote:
> > But there is one thread that is more serious than any of these
> > above and a lot more likely to happen: If someone is able to
> > overtake one of the machines of a developer, he can simply
> > extract the svn password from the config files. Unlike with
> > ssh-keys those files are not encrypted!
> No one kept their rsa keys encrypted anyway. If they did they'd have
> to enter a password each time they did anything with cvs, even
> read-only ops..
ssh-agent is your friend, with it you only have to type in your
passphrase once (in a while).
More information about the ffmpeg-devel