[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 20 Mar 2008 10:58:12 -0400

Paul Koning <Paul_Koning_at_dell.com> writes:
> So... it would certainly be possible for Subversion to have an
> analogous scheme, where you run a tool (it might even be the standard
> client) with a command that says "go into the background and be a
> credentials agent for the client". That gives you the convenience of
> svn+ssh with ssh-agent, without the need to set up SSH based access
> control, and without plaintext on-disk passwords.

Yes, it's been discussed for years (search for "svn-agent"), but no one
has implemented it.

To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 15:58:35 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.