Re: Password stored in clear text!

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-08-22 01:38:37 CEST

Garrett Rooney wrote:
> On 8/21/06, Stephen Adler <adler@stephenadler.com> wrote:
>> Guys,
>>
>> in .subversion/auth/svn.simple/d03da0c1495ff5b9551c9e3487f24f94, my
>> password to
>> my account is stored in clear text! Is this secure?
>
> It's stored with permissions such that you're the only user who can
> read it.

Unless you have it on a laptop someone else has physical access to. Or you
backup your home directory. Or you share home directories via NFS. Or......

The legion of ways to nab stored clear-text passwords is pretty large. It's
something that bugs the tar out of me.

>> Is there a way of
>> telling subversion not
>> to store my password in clear text?
>
> In ~/.subversion/config you can put something like:
>
> [auth]
> atore-auth-creds = no
>
> But note that then you'll have to enter the password whenever it's
> needed.

Or switch to ssh+svnserve access, which also avoids this little problem.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 22 01:39:51 2006

This message: [ Message body ]
Next message: Nico Kadel-Garcia: "Re: Svnserve and apache svn at the same time..."
Previous message: Andreas Thuy: "Repository on a portable hard disk"
In reply to: Garrett Rooney: "Re: Password stored in clear text!"
Next in thread: Garrett Rooney: "Re: Password stored in clear text!"
Reply: Garrett Rooney: "Re: Password stored in clear text!"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]