[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default

From: Greg Thomas <thomasgd_at_omc.bt.co.uk>
Date: Thu, 20 Mar 2008 09:54:20 +0000

On Wed, 19 Mar 2008 23:58:39 +0100, Hadmut Danisch <hadmut_at_danisch.de>
wrote:

>Unless turned off in the users (or common) configuration file,
>subversion stores the password in plain textfiles.

Both Windows and MacOS X both use standard APIs to ensure only users
who have the OS account password can read the files -
http://subversion.tigris.org/faq.html#plaintext-passwords

They only look plain text to you because you are logged in to that
account.

Greg

-- 
This post represents the views of the author and does
not necessarily accurately represent the views of BT.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 10:54:52 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.