On Dec 18, 2007 8:38 PM, Martin Langhoff <martin.langhoff@xxxxxxxxx> wrote:
> On Dec 18, 2007 10:41 PM, Martin Langhoff <martin.langhoff@xxxxxxxxx> wrote:
> > - git/config is very likely to be readable if the site is served via
> > other means, like dumb http protocol, or git+ssh. So even if the
> > password scrambling is mickey-mouse, it might make sense to force the
> > password data to live elsewhere.
>
> On this aspect, I see no reason why we wouldn't have the passwords
> crypt()ed or SHA1'd. Perl includes crypt() in the default
> distribution, so it wouldn't add any dependency.

It also includes Digest::SHA in the default distribution as of today :)

I could add another option for allowing users to choose their password
storage, e.g.:

    [gitcvs]
        password_storage = plaintext # or sha1, crypt, ...
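
Added example, not part of the original message or of git-cvsserver's code: a Perl routine showing how a verifier could dispatch on the password_storage value proposed above, using the crypt() builtin and Digest::SHA mentioned in the thread. The helper names check_password and constant_time_eq and the sample password are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);

# Hypothetical helper: compare a supplied password with the stored value,
# interpreted according to the proposed gitcvs.password_storage setting.
sub check_password {
    my ($storage, $stored, $supplied) = @_;
    my $candidate;
    if ($storage eq 'plaintext') {
        $candidate = $supplied;
    } elsif ($storage eq 'sha1') {
        # Unsalted digest: equal passwords always produce equal stored values.
        $candidate = sha1_hex($supplied);
    } elsif ($storage eq 'crypt') {
        # crypt() takes its salt from the leading characters of the stored hash.
        $candidate = crypt($supplied, $stored);
        return 0 unless defined $candidate;
    } else {
        die "unknown password_storage '$storage'\n";
    }
    return constant_time_eq($candidate, $stored);
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample data, not real credentials.
my $pw = 'example-password';
my %stored = (plaintext => $pw, sha1 => sha1_hex($pw));
# Two-character salt selects traditional crypt(); some platforms disable it
# and return undef, in which case the mode is skipped here.
my $crypted = crypt($pw, 'ab');
$stored{crypt} = $crypted if defined $crypted;

for my $mode (sort keys %stored) {
    printf "%-9s correct=%d wrong=%d\n", $mode,
        check_password($mode, $stored{$mode}, $pw),
        check_password($mode, $stored{$mode}, 'wrong-guess');
}
```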