[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Where are the plaintext passwords stored

From: Bert Huijben <bert_at_qqmail.nl>
Date: Fri, 22 Jan 2010 11:16:56 +0100

> -----Original Message-----
> From: Giulio Troccoli [mailto:Giulio.Troccoli_at_uk.linedata.com]
> Sent: donderdag 21 januari 2010 16:41
> To: users_at_subversion.apache.org
> Subject: Where are the plaintext passwords stored
>
> I always thought the passwords were stored in the .subversion/auth folder
> (I'm using Linux). And for plaintext passwords I expected to actually see
it
> there, is some files, in, well, plain text. But I don't. So, just out of
curiosity (I
> don't store passwords anyway), where are they?

Looking at your e-mail headers, I guess you are using Windows.

On Windows (NT 4 and later) the passwords are stored in the auth folder, but
encrypted with the per user cryptographic key managed by the Windows
CryptoAPI. I think this feature was added around Subversion 1.3/1.4. Before
that and on other operating systems than Windows the password is stored in
there as plain text if there is no specific store available.

Since Subversion 1.6 you get a warning from svn when the password will be
stored as plain text.

        Bert
Received on 2010-01-22 11:17:36 CET

This is an archived mail posted to the Subversion Users mailing list.