Re: RFC: Encrypting ~/.subversion/auth on Windows

On Fri, Nov 12, 2004 at 10:53:29PM +0100, Branko ??ibej wrote:
> We all know that storing passwords in cleartext in ~/.subversion/auth is
> not nice, but that a portable solution will take some doing. However,
> there's an easiy way to protect that dir even from superusers on Windows
> 2000 and newer, when the user's config dir is on an NTFS volume: Simply
> encrypt the directory when it's created. In order to do this in
> newly-created config directories, all it takes is an additional system
> call (well, taking care that it doesn't barf on older systems).
>
> Would it make sense to do something like that? I think it would be a
> huge improvement, at least on the PR front.
>
> We could also recommend to users to encrypt existing auth directories,
> it's a single command:
>
> cipher /E /A "%APPDATA%/Subversion/auth"

I'm not sure I like us doing such a platform specific thing. Actually
it's not even platform specific it's filesystem specific. If Windows
people want that security they should do the command themselves. I have
no problem with making this a FAQ. But adding code for it doesn't sound
very appealing.

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org