Re: Feature Request: clients shouldn't store auth-creds

Branko Čibej wrote:

> This thread is not about implementing authentication or encryption
> mechanisms, it's about temporarily cacheing credentials so that a)
> they're not stored on disk, and b) users don't have to provide them
> (type passwords) all the time. There's a world of difference between
> the two.

My apologies, I meant the abstract goal of providing secure storage of
private data.

> For example, "sudo" will temporarily cache the fact that you've
> confirmed your identity in a particular login session, and whilst it
> doesn't use a separate process for that, I'd still classify it as
> having an "agent". Interestingly enough, what "sudo" does is quite
> similar to storing session tokens.

FWIW, I don't mind the idea of time-limited tokens so much. It seems odd
to me that nobody else has implemented something like that before. ;)

> Others have walked that path several times, and there's nothing wrong
> with learning from their experience.

The history of man is a powerful testament to the contrary!

Good night,

David.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jan 10 00:48:33 2005