[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: libsvn_auth going to solve the user/passwd file problem?

From: Garret Wilson <garret_at_globalmentor.com>
Date: 2003-02-11 16:55:30 CET

After reading this bug, I'd like to say that I agree that the
authentication information should not be stored by default.

Both IE and Mozilla present a checkbox option to save a password for a
particular realm. Both Outlook Express and Mozilla Mail present an
option for whether the password is saved. For svn, if you don't actively
specify *each time* not to store the password, your entire repository
will be available to whomever has your computer.

I have some development machines on which I don't mind (and even want)
the passwords to be stored. But on the little Vaio I take around the
world with me, I don't want *any* passwords stored anywhere, so that if
my laptop gets stolen the thief may have some sort code but he/she won't
be able to muck around with my svn repository.

IMHO, authentication caching should be turned off unless explicitly
turned on.

Cheers,

Garret Wilson

Karl Fogel wrote:
> solo turn <soloturn99@yahoo.com> writes:
>
>>does libsvn_auth solve the user/passwd file problem by putting that
>>information somewhere else (server file, replace by something else)?
>>
>>these files are currently in .svn/auth, and written on every
>>operation like "svn up" (on w2k), for every directory processed, even
>>if you use max. one user for the whole operation.
>
>
> Yes, they are moving to ~/.subversion/auth/*, see
>
> http://subversion.tigris.org/issues/show_bug.cgi?id=1087
>
> for more.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 11 17:00:26 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.