[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Cached client credentials not encrypted on Win2K with Subversion 1.2.3.

From: Phillip Susi <psusi_at_cfl.rr.com>
Date: 2005-12-15 17:51:55 CET

According to that chapter in the book, the password itself is not
"encrypted" ( by which you seem to actually mean obfuscated, which is
entirely different ), instead the entire file is encrypted using
windows' EFS. That WOULD allow you, as the owner of the file, to open
it and see the password with notepad, but other users would be denied
access, and if someone plugged the disk into another computer and tried
to look at the file with say, a hex editor on the raw partition, they
would only find encrypted data.

Looking at my auth cache on this win2k machine though, it does NOT
appear that the file is encrypted, because the "Encrypt contents to
secure data" attribute is not set according to explorer, so it does seem
that this is broken.

John Szakmeister wrote:
> On Wednesday 14 December 2005 18:58, Barnett, Chris wrote:
> Not true. I think you're thinking about encrypted partitions. The whole file
> is not encrypted, just the password part. If you aren't seeing it, then try
> removing %APPDATA%\Subversion\auth. IIRC, Subversion will not automatically
> go back and encrypt the passwords after an upgrade. It will continue using
> what was there already. Note that you will have to enter your passwords
> again the first time you connect to a repository.
> -John

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 15 18:03:33 2005

This is an archived mail posted to the Subversion Users mailing list.