[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 20 Mar 2008 11:00:12 -0400

"Hari Kodungallur" <hkodungallur_at_gmail.com> writes:
> Currently svn provides both choices - it will store the password for
> you or you can choose to not store as well. But we could look at his
> argument as to keep the same two choices, but just make the default to
> not store the password. The config parameter can be changed by users
> if they wish to (to make store-passwords to 'yes' to make it store the
> password).

Sure. But we had this discussion years ago; we didn't just flip a coin
to choose the current way, we really hashed out the pros and cons.
(Hadmut may not have realized that, of course, since it was a long time
ago.)

Best,
-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 16:00:40 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.