Continuing a series of articles on the latest improvements in Subversion, this article will focus on a small but significant Subversion password security upgrade. Subversion 1.8 now allows passwords to be cached in memory rather than on disk.
Passwords or authentication tickets cached on disk are a security vulnerability if the drive is lost or stolen, so this is a welcome improvement. Note, however, that the password exists in memory in plain text, and if an intruder accesses the machine while the cache is live and knows the cache ID, the password could still be compromised.
In order to use this new feature you’ll need Subversion 1.8 binaries compiled with gpg-agent support, gpg-agent itself, and a pinentry program. You’ll also need to configure a couple of gpg-agent environment variables.
If password security is an important concern for you, get your certified Subversion 1.8 binaries and take advantage of this improvement.
Subversion is a registered trademark of the Apache Software Foundation.