Re: Authentication - storing of passwords in ~/.subversion/auth/svn.simple

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2003-09-19 14:03:07 CEST

Roland Schwingel <Roland.Schwingel@onevision.de> writes:

> Roland, who is not wanting to start an ideologic war here, just noticing a
> (in my eyes) security design flaw.

There's no security flaw here; this has been discussed many times in
the past. ~/.subversion/auth/ is set to chmod 700. That means no
spying eyes can look at your cached cleartext passwords.

If you don't want the caching to happen at all, just set

[auth]
store-password = no

...in your ~/.subversion/config file. End of story.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Sep 19 14:04:09 2003

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: Socket error 10054"
Previous message: sebi_at_free.intellinet.pl: "Problem: FreeBSD, SVN, MOD_DAV_SVN, Apache2, OpenSSL: Undefined symbol "gdbm_errno""
In reply to: Roland Schwingel: "Re: Authentication - storing of passwords in ~/.subversion/auth/svn.simple"
Next in thread: Benjamin Pflugmann: "Re: Authentication - storing of passwords in ~/.subversion/auth/svn.simple"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]