subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache subversion Wiki <>
Subject [Subversion Wiki] Update of "MasterPassphrase" by CMichaelPilato
Date Tue, 17 Jul 2012 15:19:22 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.

The "MasterPassphrase" page has been changed by CMichaelPilato:

  = Master Passphrase Support =
  == Introduction ==
  Like all popular web browsers, [[|Mozilla Firefox]]
allows you to optionally cache passwords used for site logins. Site credentials are cached
on disk, and in plaintext by default. However, Firefox allows you to optionally configure
a "Master Password". This password (or passphrase) is used to encrypt the on-disk cached site
credentials, functioning effectively the same way that a keyring provider and associated passphrase
would work. Firefox will challenge the user for the master password the first time it needs
to consult its credentials cache, and will leave the cache "unlocked" for the duration of
the application's lifetime. (Reference:
  Subversion should be able to do something similar, allowing users to optionally employ a
master passphrase which is used to encrypt and decrypt other sensitive information stored
in its [[EncryptedPasswordStorage|authentication credential cache(s)]].  Long-lived Subversion
GUI clients could query the user for his or her master passphrase the first time the local
credential cache is consulted, and remember that passphrase for the lifetime of the application,
just like Firefox does.
@@ -140, +138 @@

  The workflow I described should work - in theory - but I haven't tried
  to implement it!
+ === How Git stores passwords ===
  == Benefits ==
   * Centralization:  Rather than spread repository credentials cross a variety of stores
(on-disk, keystores, etc.), we return to a single, easy-to-manage storage solution:  the on-disk
store in {{{~/.subversion/auth/}}}
   * Portability:  {{{~/.subversion/auth/}}} is portable across computers, allowing users
to transfer what could be hundreds of different sets of stored repository credentials to other
machines with ease.  So long as they employed the same master passphrase on those other machines,
or did a one-time passphrase change, they would be able to make use of previously cached credentials.

View raw message