RE: Where are the plaintext passwords stored

From: Bert Huijben <bert_at_qqmail.nl>
Date: Fri, 22 Jan 2010 11:16:56 +0100

> -----Original Message-----
> From: Giulio Troccoli [mailto:Giulio.Troccoli_at_uk.linedata.com]
> Sent: donderdag 21 januari 2010 16:41
> To: users_at_subversion.apache.org
> Subject: Where are the plaintext passwords stored
>
> I always thought the passwords were stored in the .subversion/auth folder
> (I'm using Linux). And for plaintext passwords I expected to actually see
it
> there, is some files, in, well, plain text. But I don't. So, just out of
curiosity (I
> don't store passwords anyway), where are they?

Looking at your e-mail headers, I guess you are using Windows.

On Windows (NT 4 and later) the passwords are stored in the auth folder, but
encrypted with the per user cryptographic key managed by the Windows
CryptoAPI. I think this feature was added around Subversion 1.3/1.4. Before
that and on other operating systems than Windows the password is stored in
there as plain text if there is no specific store available.

Since Subversion 1.6 you get a warning from svn when the password will be
stored as plain text.

Bert
Received on 2010-01-22 11:17:36 CET

This message: [ Message body ]
Next message: Giulio Troccoli: "RE: Where are the plaintext passwords stored"
Previous message: Ulrich Eckhardt: "Re: File management"
In reply to: Giulio Troccoli: "Where are the plaintext passwords stored"
Next in thread: Giulio Troccoli: "RE: Where are the plaintext passwords stored"
Reply: Giulio Troccoli: "RE: Where are the plaintext passwords stored"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]