[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

request : disable storeing of passwords as default

From: Marc Schoechlin <ms_at_256bit.org>
Date: Thu, 5 Jun 2008 17:35:20 +0200


we are using subversion for administration purposes and we really
dislike that subversion stores password as default.

From my point of view storing of passwords per default is not a good idea because:

 * unix systems are often shared environments
   (subversion cleartext passwords can be abused on other services
   with the same passwords)
 * new subversion users do not expect that their password is stored
   in readable format in the filesystem
 * system administrators cannot be sure that their users donīt forget
 * to disable password storing by executing:
   svn info && echo 'store-passwords = no' >> ~/.subversion/config
   => this is especially important if you use subversion on shared
      accounts like "root" (for system administration purposes)
 * itīs a good idea to make "more secure" settings to be default

Therefore i think it is a good idea to disable password storing as
default or to prompt the user for storing passwords.

What do you think about this ?

Best regards

Marc Schoechlin

To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-05 17:45:06 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.