Re: Security flaw: subversion stores passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 20 Mar 2008 10:58:12 -0400

Paul Koning <Paul_Koning_at_dell.com> writes:
> So... it would certainly be possible for Subversion to have an
> analogous scheme, where you run a tool (it might even be the standard
> client) with a command that says "go into the background and be a
> credentials agent for the client". That gives you the convenience of
> svn+ssh with ssh-agent, without the need to set up SSH based access
> control, and without plaintext on-disk passwords.

Yes, it's been discussed for years (search for "svn-agent"), but no one
has implemented it.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 15:58:35 CET

This message: [ Message body ]
Next message: Karl Fogel: "Re: Security flaw: subversion stores passwords by default"
Previous message: Paul Koning: "Re: MAC OSX Client."
In reply to: Paul Koning: "Re: Security flaw: subversion stores passwords by default"
Next in thread: Greg Thomas: "Re: Security flaw: subversion stores passwords by default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]