Re: [PATCH] default to --no-auth-cache

From: <rbb_at_rkbloom.net>
Date: 2003-01-14 22:32:01 CET

On Tue, 14 Jan 2003, [UTF-8] Branko Čibej wrote:

> rbb@rkbloom.net wrote:
>
> >Just for completeness, the security concerns are just as valid. On a
> >multi-user system, the password should not be stored on the disk by
> >default, especially not in plain text.
> >
>
> It wouldn't be a problem if you have an encrypted filesystem, of course;
> I wonder how hard it would be to encrypt the password?
>
> Oh, and BTW, regarding cert authentication with SSL -- the certs (or
> rather, the private keys) have to be password-protected, too, otherwise
> anyone can use them. Same problem, one level deeper.

Yep, which basically means that we will need something like ssh-agent to
_really_ solve this problem.

Ryan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 22:19:00 2003

This message: [ Message body ]
Next message: Branko Čibej: "Re: [PATCH] default to --no-auth-cache"
Previous message: rbb_at_rkbloom.net: "Re: [PATCH] default to --no-auth-cache"
In reply to: Branko Čibej: "Re: [PATCH] default to --no-auth-cache"
Next in thread: Branko Čibej: "Re: [PATCH] default to --no-auth-cache"
Reply: Branko Čibej: "Re: [PATCH] default to --no-auth-cache"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]