Greg Dickie wrote:
> On November 8, 2002 04:42 pm, Kevin Pilch-Bisson wrote:
>> On Fri, Nov 08, 2002 at 04:32:38PM -0500, Greg Dickie wrote:
>>> Hi,
>>>
>>> I apoligize if this is a FAQ but I just noticed that passwords
>>> are stored in cleartext in the .svn/auth subdir. I know there
>>> are options to not cache at all but there must be some way to
>>> at least obscure the password....
>>>
>>> TIA,
>>> Greg
>>
>> Actually no, but they are not readable by any but the current user
>> (at least under unix).
>
> Hmm. I guess thats true. We have a couple of lab machines where
> everyone works as root so thats why I noticed it. Thats our problem
> I guess.
Um, how do you accidentally come across somebody's password? It's in a
subdirectory of the .svn directory, not a place where you happen to
troddle along too often, is it? Maybe if you'd look at a tar file
where all files are in one chunk... but usually those are compressed.
I fail to see the case where one _by mistake_ happens to stumble on
the password. On the other hand, if one goes there intentionally, then
any obscuring is worthless.
I don't see a reason why we couldn't base64 the password if wanted,
but I'd like to see a case where one could stuble on it by mistake
first.
-- Naked
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Nov 10 15:19:34 2002