Olivier Mascia wrote:
> Stefan,
>
> Talking of the saved authentication, I just checked my files. I see the
> authentication is saved in a file. That file has a name which looks like
> a hash. But then if I open the file with a text editor, I find the
> details of the authentication in clear text.
>
> I have to admit that the file is created in an area which, by default,
> is not available to other ordinary users (if the Windows default
> settings are not changed).
>
> Questions:
>
> 1) Is this done by SubVersion or by TortoiseSVN ?
It's done by Subversion. TSVN has no way to interfere with that (sorry).
> 2) Wouldn't it be much better to have that info encrypted ?
> SubVersion or TortoiseSVN would have to ask for a password (not a user
> name, just a password, once for decrypting the auth info and then it
> would use it for all the session (as long as explorer runs).
I know. I'd rather have this encrypted too...
> I personally wouldn't mind to have to enter a password, once per session,
> for the added security. Some people use Apache+SSPI authentication and
> so what login / password gets stored there is the actual login/password
> for access to the network resources. That is a password quite important
> and sensible in most organizations. And having it stored in clear text,
> even in an area which is more or less private (but certainly not secured)
> is quite embarassing.
>
> Should this request / suggestion directed to SubVersion development team?
You can try. But before you do, please read the archived (one of them,
there are many...) mailing thread about this:
http://www.contactor.se/~dast/svnusers/archive-2003-09/0484.shtml
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Jul 16 14:00:53 2004