[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 20 Mar 2008 11:08:02 -0400

Greg Thomas <thomasgd_at_omc.bt.co.uk> writes:
> On Wed, 19 Mar 2008 23:07:48 -0700, "Hari Kodungallur"
> <hkodungallur_at_gmail.com> wrote:
>>Currently svn provides both choices - it will store the password for you or
>>you can choose to not store as well. But we could look at his argument as to
>>keep the same two choices, but just make the default to not store the
>>password. The config parameter can be changed by users if they wish to (to
>>make store-passwords to 'yes' to make it store the password).
> I wonder if this sort of setting could be part of the repo-wide client
> configuration discussed at
> http://subversion.tigris.org/issues/show_bug.cgi?id=1974 ("server-side
> config which 'broadcasts' to clients")

I think that's a good idea, and added


to record it.

To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 16:08:27 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.