Security flaw: subversion stores passwords by default
From: Hadmut Danisch <hadmut_at_danisch.de>
Date: Wed, 19 Mar 2008 23:58:39 +0100
Hi,
I just installed a subversion repository together with webdav and an
Accessing this repository over HTTPS worked perfectly except for a
Unless turned off in the users (or common) configuration file,
Although not a bug in the common sense, this is a severe security flaw
I would strongly recommend to modify this behavior and to never ever let
And, btw., would be nice to support the https://user@server/... syntax
regards
---------------------------------------------------------------------
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.