Posted to commits@subversion.apache.org by ju...@apache.org on 2018/10/29 14:00:24 UTC

svn commit: r1845126 - /subversion/site/publish/faq.html

Author: julianfoad
Date: Mon Oct 29 14:00:24 2018
New Revision: 1845126

URL: http://svn.apache.org/viewvc?rev=1845126&view=rev
Log:
* faq.html (plaintext-passwords): Update to today's perspective; remove CVS note.

Modified:
    subversion/site/publish/faq.html

Modified: subversion/site/publish/faq.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/faq.html?rev=1845126&r1=1845125&r2=1845126&view=diff
==============================================================================
--- subversion/site/publish/faq.html (original)
+++ subversion/site/publish/faq.html Mon Oct 29 14:00:24 2018
@@ -3258,32 +3258,32 @@ working copy.</p>
 
 <p>Calm down, take a deep breath.</p>
 
-<p>On Windows 2000 or later, svn 1.2 and above uses standard 
+<p>On Windows, Subversion uses standard 
 Windows APIs to encrypt the data, so only the user can decrypt the 
-cached password.</p>
+cached password.
+<i>(Since svn 1.2.)</i></p>
 
-<p>On Mac OS X, svn 1.4 and later uses the system Keychain
-facility to encrypt/store your svn password.</p>
+<p>On Mac OS X, Subversion uses the system Keychain
+facility to encrypt/store your svn password.
+<i>(Since svn 1.4.)</i></p>
 
-<p>Subversion 1.6 will address this issue for UNIX/Linux.
-Support for GNOME Keyring and KWallet has been implemented,
+<p>On UNIX/Linux, Subversion supports GNOME Keyring and KWallet,
 both of which facilitate storing passwords on disk encrypted.
 These programs need to be available at compile-time and and at run-time.
 Otherwise, the client will fall back to caching your password in
-plaintext, but it has also been changed to <em>never</em>
-cache a password in plaintext without asking first.</p>
+plaintext, but it will <em>never</em>
+cache a password in plaintext without asking first.
+<i>(Since svn 1.6.)</i></p>
 
-<p>With Subversion 1.5 and earlier, on UNIX/Linux, the password can
-only be stored in plaintext in ~/.subversion/auth/.  Notice, however,
-that the directory which contains the cached passwords (usually
+<p>On UNIX/Linux, the directory which contains the cached passwords (usually
 ~/.subversion/auth/) has permissions of 700, meaning only you can read
 them.</p>
 
 <p>However, if you're really worried, you can permanently turn off
-password caching.  With an svn 1.0 client, just set 'store-auth-creds
-= no' in your run-time config file.  With an svn 1.1 client or later,
+password caching.  Set 'store-auth-creds = no' in your run-time config file
+to disable storing any kind of credentials, or
 you can use the more narrowly-defined 'store-passwords = no' (so that
-server certs are still cached).  With an svn 1.6 client or later, you
+server certs are still cached), or you
 can use the even more narrowly-defined 'store-plaintext-passwords = no'
 (so that encrypted stores like GNOME Keyring and KWallet will still be used).
 More information on password cacheing is in chapter 6 of the <a 
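Review bot: The rewritten paragraph beginning "On UNIX/Linux, the directory which contains the cached passwords" no longer says that it concerns the plaintext fallback, because the sentence "the password can only be stored in plaintext in ~/.subversion/auth/" was dropped with the 1.5 wording. Consider opening it with something like "If the password is cached in plaintext, ..." so the reader knows the 700 permission is the only protection in that case. While this text is being touched, the context line "at compile-time and and at run-time" has a doubled "and", and "cacheing" in the last paragraph should be "caching" to match the rest of the entry. The three settings ('store-auth-creds', 'store-passwords', 'store-plaintext-passwords') now sit in one long sentence joined by "or ... or you"; a short list from broadest to narrowest would read more clearly.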
@@ -3292,15 +3292,6 @@ Build" Subversion book</a>, under
 <a href="http://svnbook.red-bean.com/nightly/en/svn.serverconfig.netmodel.html#svn.serverconfig.netmodel.credcache">
 "Client Credentials Caching".</a></p>
 
-<p>Lastly, we point out that CVS has been caching passwords for years
-in the .cvspass file.  It may look like the passwords in .cvspass are
-encrypted, but in fact they're only lightly scrambled with an
-algorithm that's the moral equivalent to rot13.  They can be cracked
-instantly.  The only utility of the scrambling is to prevent users
-(like root) from accidentally seeing the password.  Nobody's cared
-enough to do this for Subversion yet; if you're interested, send
-patches to the dev@ list.</p>
-
 </div>
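Review bot: The context link to svnbook.red-bean.com just above the removed paragraph still uses http:// in an answer about credential safety; if the host serves HTTPS, switch the href in the same change. The removal itself is clean: the deleted paragraph was the only one that opened with "Lastly", so nothing left in the answer depends on it.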