After reading this bug, I'd like to say that I agree that the
authentication information should not be stored by default.
Both IE and Mozilla present a checkbox option to save a password for a
particular realm. Both Outlook Express and Mozilla Mail present an
option for whether the password is saved. For svn, if you don't actively
specify *each time* not to store the password, your entire repository
will be available to whomever has your computer.
I have some development machines on which I don't mind (and even want)
the passwords to be stored. But on the little Vaio I take around the
world with me, I don't want *any* passwords stored anywhere, so that if
my laptop gets stolen the thief may have some sort code but he/she won't
be able to muck around with my svn repository.
IMHO, authentication caching should be turned off unless explicitly
turned on.
Cheers,
Garret Wilson
Karl Fogel wrote:
> solo turn <soloturn99@yahoo.com> writes:
>
>>does libsvn_auth solve the user/passwd file problem by putting that
>>information somewhere else (server file, replace by something else)?
>>
>>these files are currently in .svn/auth, and written on every
>>operation like "svn up" (on w2k), for every directory processed, even
>>if you use max. one user for the whole operation.
>
>
> Yes, they are moving to ~/.subversion/auth/*, see
>
> http://subversion.tigris.org/issues/show_bug.cgi?id=1087
>
> for more.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 11 17:00:26 2003