[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] don't store plain-text passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Wed, 16 Apr 2008 16:28:52 -0400

Stefan Sperling <stsp_at_elego.de> writes:
> I've tested the patch with svnserve locally, on FreeBSD.
> It works as I expected it to work. The password isn't stored by default.
> It is however stored when I pass --store-plaintext-pw (this option only
> needs to be used once per server/realm), or when I set the
> store-plaintext-passwords option in ~/.subversion/config (which only
> needs to be done once per user account).

Bravo for writing the patch!

If there is a config option for remembering passwords by default, then
there needs to be a command-line option to not remember (use case: user
feels that most repository passwords are not sensitive, but this one
repository she's checking out today *is* sensitive, or the password
she's using for it is shared with something else, or whatever).

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-16 22:29:47 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.