[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature Request: clients shouldn't store auth-creds

From: David Wilson <dw_at_botanicus.net>
Date: 2005-01-10 00:47:16 CET

Branko Čibej wrote:

> This thread is not about implementing authentication or encryption
> mechanisms, it's about temporarily cacheing credentials so that a)
> they're not stored on disk, and b) users don't have to provide them
> (type passwords) all the time. There's a world of difference between
> the two.

My apologies, I meant the abstract goal of providing secure storage of
private data.

> For example, "sudo" will temporarily cache the fact that you've
> confirmed your identity in a particular login session, and whilst it
> doesn't use a separate process for that, I'd still classify it as
> having an "agent". Interestingly enough, what "sudo" does is quite
> similar to storing session tokens.

FWIW, I don't mind the idea of time-limited tokens so much. It seems odd
to me that nobody else has implemented something like that before. ;)

> Others have walked that path several times, and there's nothing wrong
> with learning from their experience.

The history of man is a powerful testament to the contrary!

Good night,


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jan 10 00:48:33 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.