[Ffmpeg-devel] SVN challenge response authentication weaknesses
Rich Felker
dalias
Sun May 28 04:11:34 CEST 2006
On Sun, May 28, 2006 at 12:04:08AM +0200, Michael Niedermayer wrote:
> Hi
>
> On Sat, May 27, 2006 at 02:16:38PM +0200, Diego Biurrun wrote:
> > On Sat, May 27, 2006 at 12:57:35PM +0200, Michael Niedermayer wrote:
> > >
> > > 1. passwords are stored in plaintext on the server this means everyone
> > > who has root or can get his hands on the servers harddisk knows your password
> > > -> dont reuse any important password
> >
> > Yes. Of course all the roots can tamper with the repository in any way
> > they like anyway...
>
> yes but with more advanced authentication systems they will never see the
> password as its never on the server, the problem is if the user/developer
> used the password somewhere else too (online banking or such for example)
This is the user's problem if they're stupid, not ours.. :)
Anyway since the passwords seem to be assigned rather than selected by
users (developers) I don't see how it matters.
Rich
More information about the ffmpeg-devel
mailing list