----- Nico Kadel-Garcia <nkadel@comcast.net> wrote:
> ----- Original Message -----
> From: "Martin Povolný" <martin.povolny@solnet.cz>
> To: <users@subversion.tigris.org>
> Sent: Thursday, July 27, 2006 4:01 AM
> Subject: problems when using subversion over http with large files
>
> Hallo,
>
> we are using subversion on a couple of quite large repozitories.
> In our setup we have apache2 with ldap authentication and
> dav_svn.
>
> Uh-oh. You've walked square into a serious security issue: The SVN clients
> store user login names and passwords in cleartext: for the commandline, it's
> typically in $HOME/.subversion/./auth/svn.simple/[hashedname]
>
> If you have the Apache LDAP using your user's normal login passwords, which
> is easy to do, then your user's passwords are stored in cleartext in the
> home directory of their LDAP client. The graceful way to avoid the problem
> is to use svn+ssh for write access.
Not in Windows (they're using TortoiseSVN). It's stored encrypted on the Windows platform, and in the Keychain on Mac OS X.
-John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jul 28 10:50:34 2006