[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn caches password in local directory

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-06-09 19:38:22 CEST

On Jun 9, 2005, at 6:09 AM, Andreas Kostyrka wrote:

>> Where is it in the documentation? I don't have the 1.2.0
>> documentation. Latest I can find is for Subversion 1.1 built from
>> revision 1337. Where can I find it?
>>
>> Deployment is not far away, I think. But this security issue stands
>> in the way. :(
>>
>
> Well if it's an security issue, the only way is to disable password
> caching.
> Any "encryption" that doesn't require the user to supply a key is just
> obfuscation.

A win32 svn 1.2 client stores the password cache encrypted using the
windows crypto API (basically using the user's system password). You
don't need to do anything to make it happen, it just happens. You
might want to destroy existing caches (rm %APPDATA%\Subversion\auth
\svn.simple\*) so that new encrypted ones are saved.

See the 1.2 releasenotes:

http://subversion.tigris.org/svn_1.2_releasenotes.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jun 9 19:41:43 2005

This is an archived mail posted to the Subversion Users mailing list.