
Re: PATCH: Update FAQ re. plaintext passwords

From: <kfogel_at_collab.net>
Date: 2006-02-27 20:44:55 CET

"Greg Thomas" <greg.d.thomas@gmail.com> writes:
> [[[
> * www/faq.html (plaintext-passwords): Highlight that Win2K+ passwords
> are encrypted.
> ]]]

The nightly builds of the book explicitly ask not to be linked to; do
you think you could redo this patch to point to the right section in a
stable version of the book?

Thanks,
-Karl

-- 
www.collab.net  <>  CollabNet  |  Distributed Development On Demand
> Index: faq.html
> ===================================================================
> --- faq.html	(revision 18572)
> +++ faq.html	(working copy)
> @@ -3016,16 +3016,24 @@
>  
>  <p>Calm down, take a deep breath.</p>
>  
> -<p>First of all, notice that the directory which contains the cached
> -passwords (usually ~/.subversion/auth/ on Unix systems) has permissions
> -of 700, meaning only you can read them.  Trust your OS to protect data
> -on disk.</p>
> +<p>On UNIX, notice that the directory which contains the cached
> +passwords (usually ~/.subversion/auth/) has permissions
> +of 700, meaning only you can read them.</p>
>  
> -<p>Secondly, if you're really worried, you can permanently turn off
> +<p>On Windows 2000 or later, svn 1.2 and above uses standard 
> +Windows APIs to encypt the data, so only the user can decrypt the 
> +cached password.</p>
> +
> +<P>Trust your OS to protect data on disk.</p>
> +
> +<p>However, if you're really worried, you can permanently turn off
>  password caching.  With an svn 1.0 client, just set 'store-auth-creds
>  = no' in your run-time config file.  With an svn 1.1 client or later,
>  you can use the more narrowly-defined 'store-passwords = no' (so that
> -server certs are still cached.)</p>
> +server certs are still cached). More information on password cacheing
> +is in chapter 6 of the <a 
> +href="http://svnbook.red-bean.com/nightly/en/index.html">"Nightly 
> +Build" Subversion book</a>, under "Client Credentials Caching".</p>
>  
>  <p>Lastly, we point out that CVS has been caching passwords for years
>  in the .cvspass file.  It may look like the passwords in .cvspass are
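
Review bot: The rewritten UNIX paragraph mentions only the 700 directory permission, while the added Windows paragraph now says the data is encrypted; state explicitly that on UNIX the permission bits are the only protection, so readers do not assume both platforms encrypt the cache. In the added Windows paragraph, "encypt" should be "encrypt". The new "Trust your OS" paragraph opens with `<P>` but closes with `</p>`; use lowercase to match the rest of the file. "cacheing" in the added sentence should be "caching", as spelled in the unchanged "password caching" line just above it. The new link targets the nightly book's index.html although the text names a specific section ("Client Credentials Caching" in chapter 6); link to that section directly. With "First of all" and "Secondly" removed, the unchanged "Lastly, we point out" paragraph no longer closes an enumeration and should be reworded.
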
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Feb 27 22:50:15 2006

This is an archived mail posted to the Subversion Dev mailing list.
