[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [TSVN] UnCheck Save Authentication

From: Olivier Mascia <om_at_tipgroup.com>
Date: 2004-07-16 12:02:14 CEST

On Fri, 16 Jul 2004 09:57:01 +0200,
SteveKing <stefankueng@gmail.com> wrote:

S> On Thu, 15 Jul 2004 17:01:33 -0400, bpwest@comcast.net
S> <bpwest@comcast.net> wrote:
S> ...
S> > How do you modify TortoiseSVN to un-check the
S> > save authentication selection, so that the
S> > Authentication dialog gets displayed again?
S>
S> Open the folder %APPDATA%\Subversion (e.g. c:\users and
S> documents\yourusername\applicationdata\Subversion).
S> In there you'll find an "auth" folder and in there your authentication
S> info. Just delete that folder.

Stefan,

Talking of the saved authentication, I just checked my files. I see the
authentication is saved in a file. That file has a name which looks like
a hash. But then if I open the file with a text editor, I find the
details of the authentication in clear text.

I have to admit that the file is created in an area which, by default,
is not available to other ordinary users (if the Windows default
settings are not changed).

Questions:

1) Is this done by SubVersion or by TortoiseSVN ?
2) Wouldn't it be much better to have that info encrypted ?
SubVersion or TortoiseSVN would have to ask for a password (not a user
name, just a password, once for decrypting the auth info and then it
would use it for all the session (as long as explorer runs).

I personally wouldn't mind to have to enter a password, once per session,
for the added security. Some people use Apache+SSPI authentication and
so what login / password gets stored there is the actual login/password
for access to the network resources. That is a password quite important
and sensible in most organizations. And having it stored in clear text,
even in an area which is more or less private (but certainly not secured)
is quite embarassing.

Should this request / suggestion directed to SubVersion development team? 

-- 
Olivier Mascia
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Jul 16 13:10:52 2004

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.