On Mon, 2011-01-03 at 11:49 -0500, Mark Phippard wrote:
> > Apologies in advance if this is covered somewhere, but can someone
> > explain (or point me to some references on) why using SVN w/ Apache
> > (HTTPS) is insecure? I've seen some references to plain text password
> > storage, but I don't see my password on my server. The passwords in my
> > svnusers files look like hashes, which makes sense because I use the
> > "-m" option to htpasswd2 when creating them. What am I missing?
>
> Yes, it is secure. Nico's issue is that the SVN client will allow the
> user to cache their password in plaintext locally in their home
> folder. This is only true for *nix clients though. Windows and OSX
> clients store the password securely.

I see, thanks. So by "SVN client", are you referring to the command line client that's provided by SVN? May I ask why the *nix client stores the credentials in plain text? Again, I'm open to references which explain it if this has already been covered.

Nick
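
An added example, not part of the original thread or of Subversion's own code: a check that finds the plaintext client-side cache Mark describes. It assumes details the thread does not state, namely that the command line client keeps cached credentials under `~/.subversion/auth/svn.simple/` as length-prefixed `K`/`V` records and marks plaintext entries with `passtype` `simple`; the sample entries are constructed.

```python
from pathlib import Path

def dump_svn_hash(entry: dict) -> bytes:
    """Serialize as 'K <len>', key, 'V <len>', value, ..., 'END' (assumed cache format)."""
    out = b""
    for k, v in entry.items():
        kb, vb = k.encode(), v.encode()
        out += b"K %d\n%s\nV %d\n%s\n" % (len(kb), kb, len(vb), vb)
    return out + b"END\n"

def parse_svn_hash(data: bytes) -> dict:
    """Parse that format; raises ValueError on malformed or truncated input."""
    entry, pos = {}, 0
    def read_item(tag: bytes) -> str:
        nonlocal pos
        eol = data.index(b"\n", pos)
        header = data[pos:eol].split()
        if len(header) != 2 or header[0] != tag:
            raise ValueError("unexpected header %r" % data[pos:eol])
        start, end = eol + 1, eol + 1 + int(header[1])
        pos = end + 1  # skip the newline that follows each item
        return data[start:end].decode("utf-8", "replace")
    while not data.startswith(b"END", pos):
        key = read_item(b"K")
        entry[key] = read_item(b"V")
    return entry

def find_plaintext_entries(auth_dir) -> list:
    """Report cache files holding a plaintext password, never the password itself.
    Assumption: an entry with a password but no passtype is treated as plaintext."""
    findings = []
    for path in sorted(Path(auth_dir).iterdir()):
        try:
            entry = parse_svn_hash(path.read_bytes()) if path.is_file() else {}
        except ValueError:
            continue  # not a cache entry
        if "password" in entry and entry.get("passtype", "simple") == "simple":
            findings.append({"file": path.name, "username": entry.get("username", ""),
                             "realm": entry.get("svn:realmstring", "")})
    return findings

def build_sample_cache(root) -> Path:
    """Constructed sample data: one plaintext entry, one keyring entry, one stray file."""
    d = Path(root) / "svn.simple"
    d.mkdir()
    common = {"svn:realmstring": "<https://svn.example.test:443> Constructed", "username": "nick"}
    (d / "aaaa").write_bytes(dump_svn_hash({"passtype": "simple", "password": "constructed-secret", **common}))
    (d / "bbbb").write_bytes(dump_svn_hash({"passtype": "gnome-keyring", **common}))
    (d / "notes.txt").write_bytes(b"not a cache entry\n")
    return d
```

To audit a real account, call `find_plaintext_entries(Path.home() / ".subversion/auth/svn.simple")`, with that path being the assumed default location.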