Re: [PATCH] default to --no-auth-cache

From: B. W. Fitzpatrick <fitz_at_red-bean.com>
Date: 2003-01-14 03:35:18 CET

Karl Fogel <kfogel@newton.ch.collab.net> writes:
> Justin Erenkrantz <jerenkrantz@apache.org> writes:
> > My point is thus: stop storing the auth in the WC, rather it should be
> > somewhere in ~/.subversion/. This fixes this real complaint. The arg
> > switches and the rest of this thread is merely trying to workaround
> > the real problem. If the auth cache isn't in your WC, I'm not sure
> > that the security concerns are as valid.
>
> Yeah. That would be easier to do if we could distinguish between two
> different repositories on the same machine.
>
> > Hey, this is a great place for the repository UUID. =) -- justin
>
> True.
>
> How would people feel about solving this security problem by putting
> all auth data in ~/.subversion? (And into the registry on Windows?
> How secure/maintainable is that?)

I'd love it. I still think that it shouldn't cache passwords by
default, but with the auth data in ~/.subversion, I'm not going to be
quite as vehement about it.

-Fitz

--
Brian W. Fitzpatrick    <fitz_at_red-bean.com>   http://www.red-bean.com/fitz/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Tue Jan 14 03:35:11 2003

This message: [ Message body ]
Next message: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"
Previous message: Blair Zajac: "Re: Caught a hung svn server"
In reply to: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"
Next in thread: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"
Reply: Karl Fogel: "Re: [PATCH] default to --no-auth-cache"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]