[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFC: Encrypting ~/.subversion/auth on Windows

From: <kfogel_at_collab.net>
Date: 2004-11-12 21:14:13 CET

Branko Čibej <brane@xbc.nu> writes:
> We all know that storing passwords in cleartext in ~/.subversion/auth
> is not nice, but that a portable solution will take some
> doing. However, there's an easiy way to protect that dir even from
> superusers on Windows 2000 and newer, when the user's config dir is on
> an NTFS volume: Simply encrypt the directory when it's created. In
> order to do this in newly-created config directories, all it takes is
> an additional system call (well, taking care that it doesn't barf on
> older systems).
>
> Would it make sense to do something like that? I think it would be a
> huge improvement, at least on the PR front.
>
> We could also recommend to users to encrypt existing auth directories,
> it's a single command:
>
> cipher /E /A "%APPDATA%/Subversion/auth"

+1

Is this encryption based on the user's password or something?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Nov 12 23:10:20 2004

This is an archived mail posted to the Subversion Dev mailing list.