RE: Re: Setting location of auth cache - securing stored passwords

From: Zoltan Megyesi <cherry_at_ludens.elte.hu>
Date: Wed, 5 Aug 2009 09:58:51 -0700 (PDT)

Thanks for the answer.
> The password should be encrypted already in that location using the
> Windows Crypto API (assuming you're using a sufficiently recent
> release of Subversion/TSVN).
That is unfortunately not enough. Many reasons, including: it is easier to break the weak or non-existent user passwords, laptops can be stolen, etc..
More importantly we want to control the safety of specific repositories our way.

> You should be more concerned with the
> password storage on the server and over the wire; depending on how
> your server is configured, they may be stored & transmitted in
> plaintext there.
I am concerned, but these are issues for a different topic.

Currently I need to place the cache to a different location, but I could not set cache location in the client settings. I hoped there were some configuration options for this. They would be useful. (I could avoid modifying %appdata%)

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2380544

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-08-05 18:59:15 CEST

This message: [ Message body ]
Next message: Stefan Küng: "Re: TortoiseSVN not working"
Previous message: pame somers: "Re: TortoiseSVN not working"
In reply to: Andy Levy: "Re: Setting location of auth cache - securing stored passwords"
Next in thread: Andy Levy: "Re: Re: Setting location of auth cache - securing stored passwords"
Reply: Andy Levy: "Re: Re: Setting location of auth cache - securing stored passwords"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]