Re: svn caches password in local directory

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-06-09 19:38:22 CEST

On Jun 9, 2005, at 6:09 AM, Andreas Kostyrka wrote:

>> Where is it in the documentation? I don't have the 1.2.0
>> documentation. Latest I can find is for Subversion 1.1 built from
>> revision 1337. Where can I find it?
>>
>> Deployment is not far away, I think. But this security issue stands
>> in the way. :(
>>
>
> Well if it's an security issue, the only way is to disable password
> caching.
> Any "encryption" that doesn't require the user to supply a key is just
> obfuscation.

A win32 svn 1.2 client stores the password cache encrypted using the
windows crypto API (basically using the user's system password). You
don't need to do anything to make it happen, it just happens. You
might want to destroy existing caches (rm %APPDATA%\Subversion\auth
\svn.simple\*) so that new encrypted ones are saved.

See the 1.2 releasenotes:

http://subversion.tigris.org/svn_1.2_releasenotes.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jun 9 19:41:43 2005

This message: [ Message body ]
Next message: Frank Gruman: "Re: Version control of Databases"
Previous message: John Browne: "Re: Version control of Databases"
In reply to: Andreas Kostyrka: "Re: svn caches password in local directory"
Next in thread: Mark Parker: "Re: svn caches password in local directory"
Reply: Mark Parker: "Re: svn caches password in local directory"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]