Re: Security flaw: subversion stores passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 20 Mar 2008 11:08:02 -0400

Greg Thomas <thomasgd_at_omc.bt.co.uk> writes:
> On Wed, 19 Mar 2008 23:07:48 -0700, "Hari Kodungallur"
> <hkodungallur_at_gmail.com> wrote:
>
>>Currently svn provides both choices - it will store the password for you or
>>you can choose to not store as well. But we could look at his argument as to
>>keep the same two choices, but just make the default to not store the
>>password. The config parameter can be changed by users if they wish to (to
>>make store-passwords to 'yes' to make it store the password).
>
> I wonder if this sort of setting could be part of the repo-wide client
> configuration discussed at
> http://subversion.tigris.org/issues/show_bug.cgi?id=1974 ("server-side
> config which 'broadcasts' to clients")

I think that's a good idea, and added

http://subversion.tigris.org/issues/show_bug.cgi?id=1974#desc14

to record it.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 16:08:27 CET

This message: [ Message body ]
Next message: Les Mikesell: "Re: Security flaw: subversion stores passwords by default"
Previous message: Karl Fogel: "Re: Security flaw: subversion stores passwords by default"
In reply to: Greg Thomas: "Re: Security flaw: subversion stores passwords by default"
Next in thread: Karl Fogel: "Re: Security flaw: subversion stores passwords by default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]