[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature Request: clients shouldn't store auth-creds

From: John Peacock <jpeacock_at_rowman.com>
Date: 2005-01-05 21:18:34 CET

Tobias Ringström wrote:

> The issue is
> whether Subversion should cache passwords by default or not. I still
> feel that it should not for the reasons I stated earlier in this thread,
> but I'm also beginning to realize, much to my surprise, that I'm pretty
> alone with that opinion.

FWIW, I agree with you that passwords should not be cached unless
someone makes a positive choice to do so. However, that _is_ a change
in behavior, both from the way that Subversion has acted until now, as
well as how cvs pserver client works (if you count `cvs login`).

How about a patch that does several things:

1) sets the default to cache=no

2) permits the following config settings:
        cache_passwords = no
        cache_passwords = yes
        cache_passwords = ask

3) permits some form of cached password expiration control, e.g. by
timestamp (ask only once per hour) or something equally clever (ask
every 42 commits?).


John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 5 21:19:50 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.