RE: Cached client credentials not encrypted on Win2K with Subversion 1.2.3.

From: Joel Kuehner <jkuehne1_at_irf.com>
Date: 2005-12-15 00:38:21 CET

OK, but these threads seem to be discussing the plain-text nature of the stored password. I am fine with that.

I am referring to the apparent discrepancy between the behavior I see (file not encrypted) and the following paragraph from the Client Credentials Caching section of the Subversion Book (1.2):

"On Windows 2000 and later, the Subversion client uses standard Windows cryptography services to encrypt the password on disk. Because the encryption key is managed by Windows and is tied to the user's own login credentials, only the user can decrypt the cached password. (Note: if the the user's Windows account password is changed, all of the cached passwords become undecipherable. The Subversion client will behave as if they don't exist, prompting for passwords when required.)"

My Subversion installation does not seem to comply with this paragraph.

- Joel

-----Original Message-----
From: FG [mailto:fgatwork@verizon.net]
Sent: Wed 2005-12-14 18:04
To: Joel Kuehner; users@subversion.tigris.org
Subject: Re: Cached client credentials not encrypted on Win2K with Subversion 1.2.3.

Joel Kuehner wrote:
> Hi,
>
> In the past couple of weeks I've installed Subversion 1.2.3. Prior to
> this we were using CVS. I'm a newbie as far as Subversion is
> concerned, so maybe I misunderstand what is going on.
>
> I am running Windows 2000 SP4. Our repository is served by Apache
> running on a WinNT 4 box.
>
> I noticed today that my authentication file in
> |%APPDATA%/Subversion/auth/svn.simple does not seem to be encrypted.
> If I look at the file properties the "Encrypt contents to secure data"
> box is not checked.
>
> Is this normal?
> |
> --
> Joel Kuehner - Senior Development Engineer
> International Rectifier (Automotive Systems)
> 7020 Mumford Rd, Halifax, NS, Canada, B3L 4S9
> Ph: 902-431-1644 x261
> Fax: 902-431-1645
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org For
> additional commands, e-mail: users-help@subversion.tigris.org
Joel,

This is very normal, and has been for quite some time. There have been
several other threads in the list discussing this. One of the more
recent is http://svn.haxx.se/users/archive-2005-11/0594.shtml.

Also - check out this FAQ -
http://subversion.tigris.org/faq.html#plaintext-passwords

Regards,
Frank
Received on Thu Dec 15 00:43:55 2005

This message: [ Message body ]
Next message: Barnett, Chris: "RE: Cached client credentials not encrypted on Win2K with Subversion 1.2.3."
Previous message: Rob Benton: "stubborn archive file won't commit"
Maybe in reply to: Joel Kuehner: "Cached client credentials not encrypted on Win2K with Subversion 1.2.3."
Next in thread: Barnett, Chris: "RE: Cached client credentials not encrypted on Win2K with Subversion 1.2.3."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]