Re: [TSVN] UnCheck Save Authentication

Olivier Mascia wrote:

> S> A "master" password isn't good either. I mean, where would you store that?
>
> Nowhere of course, except in my head. The whole idea is to ask the user
> for the password each time it is required and not memory-cached (expired
> for instance). But is *only* asking for *a* single password. Very
> different than asking for a login and a password possibly different
> depending on which server the connection is made to.

Sorry, but I don't like that idea. Asking the user for a "master"
password everytime the computer starts up and a subversion client is
used for the first time - that's like having the auth data not stored at
all. I'd rather have the data stored as plaintext as it is now... :(

> AFAIK, DPAPI is a Windows 2000/XP thing. We could also use NTFS
> encryption capabilities. Not available everywhere too. Everywhere where
> I work, yes. But isn't TSVN and SVN available for Win95 for instance ?

Yes, the crypto API is only available for Win2k/XP. And yes, Subversion
even runs on Win95 (TSVN doesn't, but it does on Win98/Me and NT4).

> I'll have a look in there over the next days to see how that part of
> subversion code is architected.

Check out libsvn_subr\config_auth.c

that's where the auth data gets read from and wrote to disk.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Jul 16 22:11:07 2004