[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature Request: clients shouldn't store auth-creds

From: John Peacock <jpeacock_at_rowman.com>
Date: 2005-01-05 21:18:34 CET

Tobias Ringström wrote:

> The issue is
> whether Subversion should cache passwords by default or not. I still
> feel that it should not for the reasons I stated earlier in this thread,
> but I'm also beginning to realize, much to my surprise, that I'm pretty
> alone with that opinion.

FWIW, I agree with you that passwords should not be cached unless
someone makes a positive choice to do so. However, that _is_ a change
in behavior, both from the way that Subversion has acted until now, as
well as how cvs pserver client works (if you count `cvs login`).

How about a patch that does several things:

1) sets the default to cache=no

2) permits the following config settings:
        cache_passwords = no
        cache_passwords = yes
        cache_passwords = ask

3) permits some form of cached password expiration control, e.g. by
timestamp (ask only once per hour) or something equally clever (ask
every 42 commits?).

John 

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 5 21:19:50 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.