Re: Security flaw: subversion stores passwords by default

From: Greg Thomas <thomasgd_at_omc.bt.co.uk>
Date: Thu, 20 Mar 2008 09:54:20 +0000

On Wed, 19 Mar 2008 23:58:39 +0100, Hadmut Danisch <hadmut_at_danisch.de>
wrote:

>Unless turned off in the users (or common) configuration file,
>subversion stores the password in plain textfiles.

Both Windows and MacOS X both use standard APIs to ensure only users
who have the OS account password can read the files -
http://subversion.tigris.org/faq.html#plaintext-passwords

They only look plain text to you because you are logged in to that
account.

Greg

-- 
This post represents the views of the author and does
not necessarily accurately represent the views of BT.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org

Received on 2008-03-20 10:54:52 CET

This message: [ Message body ]
Next message: Greg Thomas: "Re: Security flaw: subversion stores passwords by default"
Previous message: Erik Huelsmann: "Re: Corruption when using --threads"
In reply to: Hadmut Danisch: "Security flaw: subversion stores passwords by default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]