From WolfTech
Jump to navigation Jump to search


I've stored my password to disk unencrypted! What should I do?

The LINUX client for SVN can store your password in your home directory so that you don't need to type it in every time you access the repository. Although this is very handy, it's quite a security risk. Anyone who has access to your home directory could potentially read your Unity password from this file. To warn you about it, SVN prints the following message:

ATTENTION! Your password for authentication realm:

<> VisualSVN Server

can only be stored to disk unencrypted! You are advised to configure your system so that Subversion can store passwords encrypted, if possible. See the documentation for details.

You can avoid future appearances of this warning by setting the value of the 'store-plaintext-passwords' option to either 'yes' or 'no' in '/afs/'.

Store password unencrypted (yes/no)?

If you answer no to this question, your password is not stored, but you must answer the annoying question every time to access the repository. We recommend that you add the following text to your ~/.subversion/servers file:

[global] store-plaintext-passwords = no

If you ever answer yes to this question, then your password is at risk of discovery! The simplest way to solve this problem is to delete all files in the directory ~/.subversion/servers/auth/svn.simple, thereby resetting your preferences for this server and removing the record of your password.