[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Psaswords

From: Roland Schwingel <roland.schwingel_at_onevision.de>
Date: 2005-10-14 12:49:50 CEST


Dimitri Papadopoulos-Orfanos <papadopo@shfj.cea.fr> wrote on 14.10.2005
> > Any options to make the password-storage on the client more secure? I
> > would like to see this files not world-readable. Is this possible by
> > default?
> This is covered by the FAQ:
> http://subversion.tigris.org/faq.html#plaintext-passwords
> First of all, notice that the directory which contains the
> cached passwords (usually ~/.subversion/auth/ on Unix systems)
> has permissions of 700, meaning only you can read them. Trust
> your OS to protect data on disk.
> Can you confirm the passwords are actually world readable in youre case?
I can confirm this in my case... I have a linux machine serving the
users homeaccounts
with samba to windows clients running cygwin with svn compiled for cygwin.

In my case this folder is *always* generated world readable, because a
chmod on cygwin
is not completly transparent over samba to the linux fs. :-(

I would also like to see the passwords scrambled by default. At present
I have a cronjob
running hourly to protect the .subversion folders of each user.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Oct 14 12:52:05 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.