Re: [PATCH] Update AHHH! entry in FAQ

From: Arfrever Frehtes Taifersar Arahesis <arfrever.fta_at_gmail.com>
Date: Fri, 15 Aug 2008 03:19:42 +0200

2008-08-15 02:25:11 Stefan Sperling wrote:
> Hi,
>
> here's an update to the entry about plaintext password
> caching in the FAQ:
>
> [[[
>
> * www/faq.html
> (plaintext-passwords): Explain features which will be added
> in 1.6. Also, remove a remark about trusting the OS to protect
> plaintext data. This won't convince people who are concerned about
> not saving passwords in plaintext. In their minds, plaintext
> password data in the filesystem usually *is* the weakest
> link in a chain of security measures.
>
> ]]]
>
> OK?
>
> Stefan
>
> Index: www/faq.html
> ===================================================================
> --- www/faq.html (revision 32474)
> +++ www/faq.html (working copy)
> @@ -3075,14 +3021,19 @@
> <p>On Mac OS X, svn 1.4 and later uses the system Keychain
> facility to encrypt/store your svn password.</p>
>
> -<p>On UNIX/Linux, there are no standard system encryption facilities,
> -so the password is stored in ~/.subversion/auth/. Notice, however,
> +<p>Subversion 1.6 will address this issue for UNIX/Linux.
> +Support for Gnome-Keyring and KDEwallet has been implemented,

s/Gnome-Keyring and KDEwallet/GNOME Keyring and KWallet/

> +both of which facilitate storing passwords on disk encrypted.
> +The client will fall back to caching your password in plaintext
> +if neither of these programs are available, but it has also been
> +changed to never cache a password in plaintext without asking first.</p>
> +
> +<p>With Subversion 1.5 and earlier, on UNIX/Linux, the password can
> +only be stored in plaintext in ~/.subversion/auth/. Notice, however,
> that the directory which contains the cached passwords (usually
> ~/.subversion/auth/) has permissions of 700, meaning only you can read
> them.</p>
>
> -<p>Trust your OS to protect data on disk.</p>
> -
> <p>However, if you're really worried, you can permanently turn off
> password caching. With an svn 1.0 client, just set 'store-auth-creds
> = no' in your run-time config file. With an svn 1.1 client or later,
>
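
Review bot: In the added 1.6 paragraph, "The client will fall back to caching your password in plaintext" comes before the condition that limits it, so a reader worried about plaintext storage (the audience the log message names) meets the fallback first and the safeguard last. Suggest leading with the guarantee that the client never caches a password in plaintext without asking first, then describing the fallback when neither keyring program is available. In the same paragraph, "neither of these programs are available" should read "is available", and "storing passwords on disk encrypted" reads better as "storing passwords encrypted on disk". The opening "will address this issue" also has no clear antecedent, since the preceding context paragraph is about the Mac OS X Keychain; naming the issue (plaintext password caching) would fix that. Finally, the retained "permissions of 700, meaning only you can read them" still reads as the kind of reassurance the removed "Trust your OS" line gave; mode 700 keeps other unprivileged local users out but not root, so the sentence could say that directly.
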

+1.

-- 
Arfrever Frehtes Taifersar Arahesis

Received on 2008-08-15 03:23:21 CEST

This is an archived mail posted to the Subversion Dev mailing list.
