Re: [PATCH] default to --no-auth-cache

From: Karl Fogel <kfogel_at_newton.ch.collab.net>
Date: 2003-01-14 02:16:32 CET

Justin Erenkrantz <jerenkrantz@apache.org> writes:
> My point is thus: stop storing the auth in the WC, rather it should be
> somewhere in ~/.subversion/. This fixes this real complaint. The arg
> switches and the rest of this thread is merely trying to workaround
> the real problem. If the auth cache isn't in your WC, I'm not sure
> that the security concerns are as valid.

Yeah. That would be easier to do if we could distinguish between two
different repositories on the same machine.

> Hey, this is a great place for the repository UUID. =) -- justin

True.

How would people feel about solving this security problem by putting
all auth data in ~/.subversion? (And into the registry on Windows?
How secure/maintainable is that?)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 03:02:24 2003

This message: [ Message body ]
Next message: Smith, Eric V.: "RE: [PATCH] default to --no-auth-cache"
Previous message: Justin Erenkrantz: "Re: [PATCH] default to --no-auth-cache"
In reply to: Justin Erenkrantz: "Re: [PATCH] default to --no-auth-cache"
Next in thread: B. W. Fitzpatrick: "Re: [PATCH] default to --no-auth-cache"
Reply: B. W. Fitzpatrick: "Re: [PATCH] default to --no-auth-cache"
Reply: rbb_at_rkbloom.net: "Re: [PATCH] default to --no-auth-cache"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]