[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Cached client credentials not encrypted on Win2K with Subversion 1.2.3.

From: Phillip Susi <psusi_at_cfl.rr.com>
Date: 2005-12-16 00:13:47 CET

It is not encrypted though. When I look in these files, I can see my
passwords in clear text. By the way, I use a client certificate to
authenticate to the server these days, and every time I run svn it asks
me for the password to decrypt the certificate, even though it is stored
here. I used to use a plain password over http instead of https and
that old password is stored in the other text file in this directory,
both are in clear text.

I also see the word 'password' in this file... is that the password type
you speak of, and should be 'wincrypt' instead?

John Szakmeister wrote:
> The book is wrong. :-) On Win32, and only Win32, it will encrypt the
> password. Take a look at one of the files in
> %APPDATA%\Subversion\auth\svn.simple. You'll see that the passtype is
> "wincrypt", which is Branko used to encrypt your password with some
> logon-related information.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Dec 16 00:15:41 2005

This is an archived mail posted to the Subversion Users mailing list.