On Wed, Aug 25, 2004 at 07:00:31PM -0700, Paul Ossenbruggen <paul.ossenbruggen@convoii.net> wrote:
>
> The last solution, being advocated by Security Guy, which requires the
> least amount of change, is to turn off the cache and make people type a
> lot of passwords. Does anyone have experience with this and how
> annoying it is? He is judging that we might have maybe 10 commands per
> developer per day where we have to enter our passwords, since it is
> only the commands talk to the server that need to authenticate. I would
> guess it is more like 20-50.
>
Yet another case of Security Guys making things *less* secure by blindly
enforcing security policies. I guarantee that if he goes through with
this *someone* will write a wrapper script for svn that will supply the
password on the commandline in plaintext.
Of course, I doubt there's anything you can do to change *that* :-)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 26 19:27:06 2004