This is good news, I think we might be able to live with this. Since
it seems most of our users are using Tortoise. Thanks!
On Aug 27, 2004, at 1:58 AM, Vincent Thornley wrote:
> Paul Ossenbruggen wrote:
> > Another possibility, that someone suggested, is writing some sort
> of shell
> > script that caches the password. We would turn off caching. This
> > might be an
> > immediate solution that would not be hard to implement, however his
> > might restrict the full set of commands available. Also our
> > users would not be happy with this. Seems like Tortoise could cache
> > password in its process, but I am pretty sure it does not.
> From 1.1 RC1 Tortoise separately encrypts and stores authentication
> itself and it is recommended that the subversion plaintext password
> cache is
> turned off.
> > The last solution, being advocated by Security Guy, which
> > requires the least
> > amount of change, is to turn off the cache and make people type a
> lot of
> > passwords. Does anyone have experience with this and how annoying
> > it is? He
> > is judging that we might have maybe 10 commands per developer per
> > day where
> > we have to enter our passwords, since it is only the commands talk
> to the
> > server that need to authenticate. I would guess it is more like
> If your users extensively use Tortoise and the CL client is seldom
> this shouldn't be a problem. Turn off the cache. Tortoise will store
> passwords encrypted and the few times it is necessary to resort to the
> command line it shouldn't be too bad to have to type the password.
Received on Sat Aug 28 02:57:11 2004