Re: [PATCH] default to --no-auth-cache

From: Greg Stein <gstein_at_lyra.org>
Date: 2003-01-14 01:55:42 CET

On Mon, Jan 13, 2003 at 04:46:55PM -0800, rbb@rkbloom.net wrote:
> On Mon, 13 Jan 2003, Justin Erenkrantz wrote:
>...
> > If you want 'secure' local storage right now, you should be using ra_svn
> > with an appropriate SSH agent forwarding. No username/password combination
> > should be required then.
>
> But I don't want a secure local store for my password. I don't want my
> password stored on the box, at least not by default. For some repos,
> sure, put my password in there, it is a public account on a machine that
> doesn't use SSL. But for my box, which does use SSL, don't even think of
> putting my password in plain text on the machine.

How about if we disable the auth storage when SSL is used?

That is, the default behavior is:

  * store user/pass
  * if using SSL, then just store the user
  * config files override the above behavior
  * cmdline switches override the above

btw, note that the password info is always stored in a user-read-only
directory and user-read-only file.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Jan 14 01:54:11 2003

This message: [ Message body ]
Next message: Benjamin Pflugmann: "Re: [PATCH] default to --no-auth-cache"
Previous message: Sander Striker: "RE: [PATCH] default to --no-auth-cache"
In reply to: rbb_at_rkbloom.net: "Re: [PATCH] default to --no-auth-cache"
Next in thread: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"
Reply: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]