Re: Security flaw: subversion stores passwords by default

From: Vincent Lefevre <vincent+svn_at_vinc17.org>
Date: Fri, 21 Mar 2008 16:23:23 +0100

On 2008-03-19 23:07:48 -0700, Hari Kodungallur wrote:
> Currently svn provides both choices - it will store the password for
> you or you can choose to not store as well. But we could look at his
> argument as to keep the same two choices, but just make the default
> to not store the password. The config parameter can be changed by
> users if they wish to (to make store-passwords to 'yes' to make it
> store the password).

IMHO, the default should be to ask the user, as he may want to store
*some* passwords only (i.e. the least sensitive ones).

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org

Received on 2008-03-21 16:23:43 CET

This message: [ Message body ]
Next message: Phil: "Re: Pre-commit hooks"
Previous message: Vincent Lefevre: "Re: Security flaw: subversion stores passwords by default"
In reply to: Hari Kodungallur: "Re: Security flaw: subversion stores passwords by default"
Next in thread: Paul Koning: "Re: Security flaw: subversion stores passwords by default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]