request : disable storeing of passwords as default

From: Marc Schoechlin <ms_at_256bit.org>
Date: Thu, 5 Jun 2008 17:35:20 +0200

Hi,

we are using subversion for administration purposes and we really
dislike that subversion stores password as default.

From my point of view storing of passwords per default is not a good idea because:

* unix systems are often shared environments
   (subversion cleartext passwords can be abused on other services
   with the same passwords)
* new subversion users do not expect that their password is stored
   in readable format in the filesystem
* system administrators cannot be sure that their users don´t forget
* to disable password storing by executing:
   ---
   svn info && echo 'store-passwords = no' >> ~/.subversion/config
   ---
   => this is especially important if you use subversion on shared
      accounts like "root" (for system administration purposes)
* it´s a good idea to make "more secure" settings to be default

Therefore i think it is a good idea to disable password storing as
default or to prompt the user for storing passwords.

What do you think about this ?

Best regards

Marc Schoechlin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-05 17:45:06 CEST

This message: [ Message body ]
Next message: Jens Seidel: "Bug during (interactive) merging?"
Previous message: David Glasser: "Re: use NULL commit callback in svn_repos_get_commit_editor5?"
Next in thread: Jens Seidel: "Re: request : disable storeing of passwords as default"
Reply: Jens Seidel: "Re: request : disable storeing of passwords as default"
Reply: Karl Fogel: "Re: request : disable storeing of passwords as default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]