[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: subversion reveals passwords

From: Alan Barrett <apb_at_cequrux.com>
Date: Tue, 8 Apr 2008 13:24:16 +0200

On Mon, 07 Apr 2008, ghudson_at_MIT.EDU wrote:
> Subversion could default to not remembering the password, but it would
> be the first default everyone needs to change when using it.

If the only way of remembering a password involved changing the default,
then yes, many people would change the default. However, if there was
an easy way of asking svn to remember a password without changing any
defaults, then I think people would use that. I suggest "svn login
[URL]" to remember a username and password, and "svn logout [URL]" to
forget a username and password.

> People evaluating Subversion as an alternative to CVS (which is just
> as nefarious in this department) would very quickly develop the
> impression that Subversion is a pain in the ass to use, whether or not
> they conciously agree with the default.

CVS is not "just as nefarious". It stores passwords in a slightly
obfuscated way (which is trivial to reverse, but nevertheless protects
against some forms of accidental disclosure), and it doesn't remember
passwords unless you use "cvs login".

--apb (Alan Barrett)

To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-08 13:24:52 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.