Re: [Subversion Wiki] Update of "EncryptedPasswordStorage" by CMichaelPilato

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 3 Jan 2012 23:27:33 +0100

On Tue, Jan 03, 2012 at 04:19:29PM -0000, Apache subversion Wiki wrote:
> + === GPG Agent ===
> + Subversion's 1.8-dev codebase currently offers an integration with GPG Agent, which is yet another third-party cryptographic service provider.
> +

Even though this auth provider has "GPG" in its name, there is no crypto
involved. It is merely an in-memory cache of the password, in plaintext.
The only advantage is that the password is not written to disk.
See the "SECURITY CONSIDERATIONS" comment added in this commit:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/gpg_agent.c?r1=1151053&r2=1151069
Received on 2012-01-03 23:28:10 CET

This message: [ Message body ]
Next message: Stefan Sperling: "Re: Are you brave enough to manage a Subversion release?"
Previous message: Hyrum K Wright: "Are you brave enough to manage a Subversion release?"
Next in thread: Daniel Shahaf: "Re: [Subversion Wiki] Update of "EncryptedPasswordStorage" by CMichaelPilato"
Reply: Daniel Shahaf: "Re: [Subversion Wiki] Update of "EncryptedPasswordStorage" by CMichaelPilato"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]