Re: [PATCH] don't store plain-text passwords by default

On Wed, Apr 16, 2008 at 1:28 PM, Karl Fogel <kfogel_at_red-bean.com> wrote:
> Stefan Sperling <stsp_at_elego.de> writes:
> > I've tested the patch with svnserve locally, on FreeBSD.
> > It works as I expected it to work. The password isn't stored by default.
> > It is however stored when I pass --store-plaintext-pw (this option only
> > needs to be used once per server/realm), or when I set the
> > store-plaintext-passwords option in ~/.subversion/config (which only
> > needs to be done once per user account).
>
> Bravo for writing the patch!
>
> If there is a config option for remembering passwords by default, then
> there needs to be a command-line option to not remember (use case: user
> feels that most repository passwords are not sensitive, but this one
> repository she's checking out today *is* sensitive, or the password
> she's using for it is shared with something else, or whatever).

Hmm. Am I the only one who is concerned by the compatibility
implications of this change? I'm sure that the web and organization's
HOWTOs are full of "run this command, type your password, and it'll
remember it for the future" statements. These all become false.

I'd be very happy to see it with storing passwords as the default, though.

--dave

-- 
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org