[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default

From: Vincent Lefevre <vincent+svn_at_vinc17.org>
Date: Fri, 21 Mar 2008 16:23:23 +0100

On 2008-03-19 23:07:48 -0700, Hari Kodungallur wrote:
> Currently svn provides both choices - it will store the password for
> you or you can choose to not store as well. But we could look at his
> argument as to keep the same two choices, but just make the default
> to not store the password. The config parameter can be changed by
> users if they wish to (to make store-passwords to 'yes' to make it
> store the password).

IMHO, the default should be to ask the user, as he may want to store
*some* passwords only (i.e. the least sensitive ones).

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-21 16:23:43 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.