[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

request : disable storeing of passwords as default

From: Marc Schoechlin <ms_at_256bit.org>
Date: Thu, 5 Jun 2008 17:35:20 +0200

Hi,

we are using subversion for administration purposes and we really
dislike that subversion stores password as default.

From my point of view storing of passwords per default is not a good idea because:

 * unix systems are often shared environments
   (subversion cleartext passwords can be abused on other services
   with the same passwords)
 * new subversion users do not expect that their password is stored
   in readable format in the filesystem
 * system administrators cannot be sure that their users donīt forget
 * to disable password storing by executing:
   ---
   svn info && echo 'store-passwords = no' >> ~/.subversion/config
   ---
   => this is especially important if you use subversion on shared
      accounts like "root" (for system administration purposes)
 * itīs a good idea to make "more secure" settings to be default

Therefore i think it is a good idea to disable password storing as
default or to prompt the user for storing passwords.

What do you think about this ?

Best regards

Marc Schoechlin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-05 17:45:06 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.