[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] don't store plain-text passwords by default

From: David Glasser <glasser_at_davidglasser.net>
Date: Thu, 17 Apr 2008 09:46:56 -0700

On Wed, Apr 16, 2008 at 1:28 PM, Karl Fogel <kfogel_at_red-bean.com> wrote:
> Stefan Sperling <stsp_at_elego.de> writes:
> > I've tested the patch with svnserve locally, on FreeBSD.
> > It works as I expected it to work. The password isn't stored by default.
> > It is however stored when I pass --store-plaintext-pw (this option only
> > needs to be used once per server/realm), or when I set the
> > store-plaintext-passwords option in ~/.subversion/config (which only
> > needs to be done once per user account).
> Bravo for writing the patch!
> If there is a config option for remembering passwords by default, then
> there needs to be a command-line option to not remember (use case: user
> feels that most repository passwords are not sensitive, but this one
> repository she's checking out today *is* sensitive, or the password
> she's using for it is shared with something else, or whatever).

Hmm. Am I the only one who is concerned by the compatibility
implications of this change? I'm sure that the web and organization's
HOWTOs are full of "run this command, type your password, and it'll
remember it for the future" statements. These all become false.

I'd be very happy to see it with storing passwords as the default, though.


David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-17 18:47:10 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.