Index: faq.html =================================================================== --- faq.html (revision 18572) +++ faq.html (working copy) @@ -3016,16 +3016,24 @@
Calm down, take a deep breath.
-First of all, notice that the directory which contains the cached -passwords (usually ~/.subversion/auth/ on Unix systems) has permissions -of 700, meaning only you can read them. Trust your OS to protect data -on disk.
+On UNIX, notice that the directory which contains the cached +passwords (usually ~/.subversion/auth/) has permissions +of 700, meaning only you can read them.
-Secondly, if you're really worried, you can permanently turn off +
On Windows 2000 or later, svn 1.2 and above uses standard +Windows APIs to encypt the data, so only the user can decrypt the +cached password.
+ +Trust your OS to protect data on disk.
+ +However, if you're really worried, you can permanently turn off password caching. With an svn 1.0 client, just set 'store-auth-creds = no' in your run-time config file. With an svn 1.1 client or later, you can use the more narrowly-defined 'store-passwords = no' (so that -server certs are still cached.)
+server certs are still cached). More information on password cacheing +is in chapter 6 of the "Nightly +Build" Subversion book, under "Client Credentials Caching".Lastly, we point out that CVS has been caching passwords for years in the .cvspass file. It may look like the passwords in .cvspass are
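Review bot: The added Windows paragraph says the cached data is encrypted so "only the user can decrypt" it, but the reworded UNIX paragraph just above it still mentions only the 700 directory permissions and never says whether the cached password itself is encrypted on UNIX. Now that the two platforms sit side by side, state explicitly what protects the data on UNIX, so that "Trust your OS to protect data on disk" is not read as the same guarantee on both. There are also two spelling points in the added lines: "encypt" should be "encrypt", and "cacheing" in the new closing sentence should be "caching", to match "password caching" in the unchanged text of the same paragraph. Finally, the reference to chapter 6 of the "Nightly Build" book gives only the section name "Client Credentials Caching"; since this is an HTML FAQ, a link to that section would save the reader from searching for it.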