[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Password stored in clear text!

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-08-22 01:38:37 CEST

Garrett Rooney wrote:
> On 8/21/06, Stephen Adler <adler@stephenadler.com> wrote:
>> Guys,
>> in .subversion/auth/svn.simple/d03da0c1495ff5b9551c9e3487f24f94, my
>> password to
>> my account is stored in clear text! Is this secure?
> It's stored with permissions such that you're the only user who can
> read it.

Unless you have it on a laptop someone else has physical access to. Or you
backup your home directory. Or you share home directories via NFS. Or......

The legion of ways to nab stored clear-text passwords is pretty large. It's
something that bugs the tar out of me.

>> Is there a way of
>> telling subversion not
>> to store my password in clear text?
> In ~/.subversion/config you can put something like:
> [auth]
> atore-auth-creds = no
> But note that then you'll have to enter the password whenever it's
> needed.

Or switch to ssh+svnserve access, which also avoids this little problem.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 22 01:39:51 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.