[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Obfuscate auth info

From: Peter Samuelson <peter_at_p12n.org>
Date: 2006-10-18 15:35:50 CEST

[Fernandes, Filipe (Bolton)]
> But having said that, it's still an issue for me and it's not far
> enough that passwords are simply base64 encoded. Better, but not
> nearly as good as if they were encrypted.

How do you propose to encrypt the passwords?

Do you want subversion to ask you for a password so it can decrypt your
other password? Sounds a bit absurd to me - I mean, in that case, why
bother to store the password at all? You should instead look at the
'store-passwords = no' setting in ~/.subversion/config.

So, this is the sort of facility that belongs somewhere _outside_
subversion. What you really want is for subversion to be able to
interface with an OS facility for secure password management....

Amazingly, subversion already does this! At least, it does if you use
a platform that includes such a facility, namely Mac OS X or Windows
NT. Password management glue for your favorite non-Windows, non-OS X
system would, I'm sure, be welcome.

Received on Wed Oct 18 15:36:23 2006

This is an archived mail posted to the Subversion Dev mailing list.