subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache subversion Wiki <>
Subject [Subversion Wiki] Update of "EncryptedPasswordStorage" by CMichaelPilato
Date Tue, 03 Jan 2012 16:31:26 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.

The "EncryptedPasswordStorage" page has been changed by CMichaelPilato:

  = EncryptedPasswordStorage =
  This page documents the support provided by the Subversion client layer for caching user
credentials in a cryptographically safe fashion.
- {{{#!wiki warning
- This document is incomplete!
- }}}
  == What's Offered Today ==
  The Subversion core libraries handle credential caching (and automatic recall) using a variety
of mechanisms.  Most of those mechanisms are not implemented by the Subversion codebase itself,
but are offered as services by the operating system or third-party security libraries/subsystems.
 In fact, Subversion's codebase offers but a single general type of credential caching:  plaintext
storage using flat files created in the user's runtime configuration area (under ''$HOME/.subversion/auth/''
on Unix platforms; under ''%APPDATA%/Subversion/auth/'' in Windows).  For many users, this
solution is secure enough. there is but a single user on their machine, or there are several
users with their own home directories whose filesystem-level permissions don't permit one
user to access and read another user's credential caching files.  But some Subversion-using
companies desire more in terms of password caching.  So Subversion also integrates with several
other types of external encrypted storage mechanisms.

View raw message