[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SVN password encryption

From: Gabriela Gibson <gabriela.gibson_at_gmail.com>
Date: Sat, 24 May 2014 13:08:12 +0100


Could we make the svn password encrypted by default by setting the
 ./subversion/servers entry 'store-plaintext-passwords' to 'no'?

Currently, setting up password encryption requires digging through the
docs, and it's tempting, especially for casual users, to avoid that effort
by storing the password in clear text. Whilst people shouldn't do that,
there is just so much software and so little time, and all too often, 'I'll
do that later' never happens.

Even if the user sets up password encryption, the previously created clear
text password will sit around until they realise this problem and find and
delete that file.

I think that making passwords encrypted by default and requiring work to be
'unsafe' is a good solution here. Or maybe, the ability to store clear
text passwords ought to be removed all together.

Also, it might be an idea that once the password for a particular user is
changed from clear text to encrypted, that the corresponding clear text
file is automatically removed; and that people who upgrade their svn and
still use a clear text passwords are prompted with the offer of an
automatic fix that encrypts their current clear text passwords, and then
removes the old clear text files, but gives them a chance of making a note
in case they long forgotten their passwords.

What do you think?



Visit my Coding Diary: http://gabriela-gibson.blogspot.com/
Received on 2014-05-24 14:08:46 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.