[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: Not storing passwords in the filesystem

From: Bill Tutt <rassilon_at_lyra.org>
Date: 2002-06-22 21:25:37 CEST

> From: Karl Fogel [mailto:kfogel@newton.ch.collab.net]
>
> "Gerald Richter" <richter@ecos.de> writes:
> > Great! I would suggest to turn password storing off by default.
>
> This is a tough call, but IMHO the inconvenience outweighs the extra
> security, so my instinct is to leave storing as the default. Would
> like to hear what others think, too, though...
>

Of course, UI apps are going to behave in a completely opposite fashion.
My current thinking about what should happen in a UI for Subversion is
that the password information is cached in memory by the UI, and
discarded upon UI closing, but also having the option to cache the
password information someplace more permanent. Preferably that wouldn't
be in the working copy data. On Win32 systems it might be wise to cache
it in a secure storage container of some sort.

So please think about that kind of thing when tweaking any of this part
of the existing code base.

Thanks,
Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Jun 22 21:27:44 2002

This is an archived mail posted to the Subversion Dev mailing list.