Re: [PATCH] don't store plain-text passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Wed, 16 Apr 2008 16:28:52 -0400

Stefan Sperling <stsp_at_elego.de> writes:
> I've tested the patch with svnserve locally, on FreeBSD.
> It works as I expected it to work. The password isn't stored by default.
> It is however stored when I pass --store-plaintext-pw (this option only
> needs to be used once per server/realm), or when I set the
> store-plaintext-passwords option in ~/.subversion/config (which only
> needs to be done once per user account).

Bravo for writing the patch!

If there is a config option for remembering passwords by default, then
there needs to be a command-line option to not remember (use case: user
feels that most repository passwords are not sensitive, but this one
repository she's checking out today *is* sensitive, or the password
she's using for it is shared with something else, or whatever).

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-16 22:29:47 CEST

This message: [ Message body ]
Next message: Branko Čibej: "Re: embedded versioning"
Previous message: Karl Fogel: "[PROPOSAL] how to implement 'svn obliterate'"
In reply to: Stefan Sperling: "[PATCH] don't store plain-text passwords by default (was: Re: subversion reveals passwords)"
Next in thread: Stefan Sperling: "Re: [PATCH] don't store plain-text passwords by default"
Reply: Stefan Sperling: "Re: [PATCH] don't store plain-text passwords by default"
Reply: David Glasser: "Re: [PATCH] don't store plain-text passwords by default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]