[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: request : disable storeing of passwords as default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 05 Jun 2008 12:10:09 -0400

Marc Schoechlin <ms_at_256bit.org> writes:
> we are using subversion for administration purposes and we really
> dislike that subversion stores password as default.
>
> From my point of view storing of passwords per default is not a good
> idea because:
>
> * unix systems are often shared environments
> (subversion cleartext passwords can be abused on other services
> with the same passwords)
> * new subversion users do not expect that their password is stored
> in readable format in the filesystem
> * system administrators cannot be sure that their users don´t forget
> * to disable password storing by executing:
> ---
> svn info && echo 'store-passwords = no' >> ~/.subversion/config
> ---
> => this is especially important if you use subversion on shared
> accounts like "root" (for system administration purposes)
> * it´s a good idea to make "more secure" settings to be default
>
> Therefore i think it is a good idea to disable password storing as
> default or to prompt the user for storing passwords.
>
> What do you think about this ?

This will be fixed in Subversion 1.6. See

   http://svn.collab.net/viewvc/svn?view=rev&revision=31046

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-05 18:10:42 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.