[Ffmpeg-devel] SVN challenge response authentication weaknesses

Michael Niedermayer michaelni
Sun May 28 00:04:08 CEST 2006


On Sat, May 27, 2006 at 02:16:38PM +0200, Diego Biurrun wrote:
> On Sat, May 27, 2006 at 12:57:35PM +0200, Michael Niedermayer wrote:
> > 
> > 1. passwords are stored in plaintext on the server this means everyone
> > who has root or can get his hands on the servers harddisk knows your password
> > -> dont reuse any important password
> Yes.  Of course all the roots can tamper with the repository in any way
> they like anyway...

yes but with more advanced authentication systems they will never see the
password as its never on the server, the problem is if the user/developer
used the password somewhere else too (online banking or such for example)

Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is

More information about the ffmpeg-devel mailing list