[Melbourne-pm] Obfuscating passwords in configurations

Scott Penrose scottp at dd.com.au
Thu Dec 2 03:11:58 PST 2010

On 02/12/2010, at 9:40 PM, Shlomi Fish wrote:
> How do you know that they do that? Please cite it. I've looked into the 
> contents of ~/.subversion/auth/svn.simple/ and the passwords are stored there 
> in plaintext, completely unencrypted. Note that Subversion has an option to 
> use the KDE or GNOME password managers, which is more secure (but possibly 
> less convenient).

You are correct - I was wrong about Subversion. CVS did it, but SVN does not.

Some other examples that do it:

* Opera
* IE
* Firefox

That last one I wasn't sure on, but sure enough it does. Obviously you can easily unencrypt in the browser :-)

My viewing of my apps shows me that more applications do obfuscate than not.

I did a search for my common passwords across my system, and did not find too many cases.


More information about the Melbourne-pm mailing list