Andreas Pakulat wrote: > On 02.01.06 23:57:45, Michael Biebl wrote: >> Andreas Pakulat wrote: >>>> Maybe a global setting in the >>>> configuration dialog would be useful so that kdesvn does not always >>>> prompt you if you want to store the password or not and this setting >>>> could be predefined with the value from .subversion/config if not >>>> explictely set. But this is more a wishlist bug than an security >>>> relevant bug. >>> >>> Agreed. I'd like to have the default for "store password" option to be >>> off and maybe a possibility to remove the authentication information for >>> the current opened repository, so one can switch from storing to not >>> storing without fiddling with .subversion/auth/... files. >> Again, there are no API functions that deal with this files in >> .subversion/auth/..., so I hesitate to manipulate them directly. > > Aah, forgot that little twist :-) Right, then removing the already > stored credentials is only possible by removing the files in > .subversion/auth. This is also documented in the default > .subversion/config so the user should be able to find it. > > Still I think the default of the password-dialog should be to _not_ > store the password. Maybe I'm just paranoid, but then default > configuration for any service is normally as secure as possible without > making the service unusable "out of the box".
Hi Andreas, I prepared a new version 0.7.2-1 and included a patch which adds an option to the global settings dialog and the default to not store passwords. I uploaded it to my private archive at [1]. Please give it a try and tell me if it suits your needs. If so I will upload it to unstable. Cheers, Michael [1] http://www.teco.edu/~biebl/debian/
signature.asc
Description: OpenPGP digital signature
