[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Not storing passwords in the filesystem

From: Karl Fogel <kfogel_at_newton.ch.collab.net>
Date: 2002-06-22 17:02:15 CEST

"Gerald Richter" <richter@ecos.de> writes:
> until now I have used svn only on the LAN and didn't used any authetication.
> Now I have made a repository available to the internet and secured it with
> passwords. This works fine, but when I done any operations now my password
> is stored for every subdirectory in cleartext in the filesystem. While this
> is ok for a secure machine, this is a big security whole when doing a
> checkout etc. on machine that is used by many people or is accessable via
> the net.
>
> I didn't find anyway to delete these passwords (ok I can do a find -name
> password -exec rm {} \; ), but this isn't very convenient. So my questions
> is, is there a way to not store passwords at all, so I get asked anytime I
> access the repository, or at least is there a way to logout and delete the
> password.
>
> I know svn is still pre-alpha, so I just want to know the state of this
> issue and if there are any plans/features I have overseen already

+1 on making this a run-time option.

We now have a number of little things we want in the
.subversion/config (or .subversion/options or registry or whatever).
I'll try to make that file exist today, and put this as an option in
it.

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Jun 22 17:11:14 2002

This is an archived mail posted to the Subversion Dev mailing list.