subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache subversion Wiki <comm...@subversion.apache.org>
Subject [Subversion Wiki] Update of "EncryptedPasswordStorage" by CMichaelPilato
Date Wed, 18 Jan 2012 15:54:05 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.

The "EncryptedPasswordStorage" page has been changed by CMichaelPilato:
http://wiki.apache.org/subversion/EncryptedPasswordStorage?action=diff&rev1=14&rev2=15

  {{{#!wiki note
  In 1.8-dev, Subversion's configure script accepts a --disable-plaintext-password-storage
option to bypass the logic which stores plaintext passwords and client certificate passphrases.
  }}}
- For many users, this solution is secure enough. there is but a single user on their machine,
or there are several users with their own home directories whose filesystem-level permissions
don't permit one user to access and read another user's credential caching files.  But some
Subversion-using companies desire more in terms of password caching.  So Subversion also integrates
with several other types of external storage mechanisms.
+ For many users, this solution is secure enough because, for instance, there is but a single
user on their machine, or there are several users with their own home directories whose filesystem-level
permissions don't permit one user to access and read another user's credential caching files.
 But some Subversion-using companies desire more in terms of password caching.  So Subversion
also integrates with several other types of external storage mechanisms.
  
  Generally speaking, the extent of this integration is to continue to store in the runtime
configuration area's auth/ subdirectory the same information which is stored there when plaintext
password caching is in use, with one key difference.  Instead of a "password" record in the
file associated with a particular server realm, there is a "passtype" record which tells Subversion
where to look for the real password.  The following subsections describe the various stores
which Subversion can use to hold those real passwords.
  

Mime
View raw message