[Savane-dev] Password-based authentication (February 20, 2006 - 00:31)

Others Months | Index by Date | Thread Index
>>   [Date Prev] [Date Next] [Thread Prev] [Thread Next]



Is there a reason why there is no support for password
authentication. For example, SF allows you to connect to CVS using
your web interface password. (this is not practical but useful for
newbie who do not know how to deal with SSH keys yet)

What I'd like to know is whether this is a security decision, a
technical limitation or a missing feature :)

Password-based auth is more vulnerable to brute-force attacks... but
so is the web interface then. It's also more vulnerable in the case of
host spoofing or typosquatting (with pub keys the priv key is never
transmitted, unlike the password) - but in this case it's the user


Related Mails

Powered by MHonArc, Updated Mon Feb 20 08:00:11 2006