[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: Greg Stein <gstein_at_lyra.org>
Date: 2003-01-14 01:55:42 CET

On Mon, Jan 13, 2003 at 04:46:55PM -0800, rbb@rkbloom.net wrote:
> On Mon, 13 Jan 2003, Justin Erenkrantz wrote:
>...
> > If you want 'secure' local storage right now, you should be using ra_svn
> > with an appropriate SSH agent forwarding. No username/password combination
> > should be required then.
>
> But I don't want a secure local store for my password. I don't want my
> password stored on the box, at least not by default. For some repos,
> sure, put my password in there, it is a public account on a machine that
> doesn't use SSL. But for my box, which does use SSL, don't even think of
> putting my password in plain text on the machine.

How about if we disable the auth storage when SSL is used?

That is, the default behavior is:

  * store user/pass
  * if using SSL, then just store the user
  * config files override the above behavior
  * cmdline switches override the above

btw, note that the password info is always stored in a user-read-only
directory and user-read-only file.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 01:54:11 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.