[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn caches password in local directory

From: Max Bowsher <maxb_at_ukf.net>
Date: 2005-06-10 14:35:08 CEST

Mark Parker wrote:
> Ben Collins-Sussman wrote:
>> A win32 svn 1.2 client stores the password cache encrypted using the
>> windows crypto API (basically using the user's system password). You
>> don't need to do anything to make it happen, it just happens. You
>> might want to destroy existing caches (rm %APPDATA%\Subversion\auth
>> \svn.simple\*) so that new encrypted ones are saved.
>> See the 1.2 releasenotes:
>> http://subversion.tigris.org/svn_1.2_releasenotes.html
> Also note that the password files won't *look* encrypted to the user
> that owns them (because the OS is decrypting them for you). If you
> select the option "Show encrypted or compressed NTFS files in color",
> they'll show up as green.

Looking at the code, I'm pretty sure that the above is false.

The password data is encrypted using Windows API functions. NTFS encryption
not involved.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jun 10 14:37:10 2005

This is an archived mail posted to the Subversion Users mailing list.