[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: Branko Čibej <brane_at_xbc.nu>
Date: 2003-01-14 22:06:28 CET

rbb@rkbloom.net wrote:

>Just for completeness, the security concerns are just as valid. On a
>multi-user system, the password should not be stored on the disk by
>default, especially not in plain text.
>

It wouldn't be a problem if you have an encrypted filesystem, of course;
I wonder how hard it would be to encrypt the password?

Oh, and BTW, regarding cert authentication with SSL -- the certs (or
rather, the private keys) have to be password-protected, too, otherwise
anyone can use them. Same problem, one level deeper.

-- 
Brane Čibej   <brane_at_xbc.nu>   http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 22:07:12 2003

This is an archived mail posted to the Subversion Dev mailing list.