Menu
▾
▴
#865 Password not correctly removed
I tested this problem on the two following configurations:
Configuration 1
- Windows 2000 client
- CVS server hosted on a remote UNIX server
Configuration 2
- Windows 2003 server (using as client)
- CVS server hosted on a remote UNIX server
Tortoise version: 1.8.17
The computer I am using is public accessible by
colleagues working on other project. They should
however not be able to login to CVS using my details
and therefore tried to REMOVE my password. What I
do is as follow:
1 - Start cvsagent.exe in the C:\Program
Files\TortoiseCVS folder
2 - Right mouse click the application
3 - Select CLEAR password
4 - No I go to one of the folders which is bonded to the
(remote) CVS server and try to browse i.e. the history of
a file.
5 - The application correctly PROMPTS for a
PASSWORD (as it should be after clear password)
6 - If I don't enter a password and press cancel, the
system logins correctly, meaning that clearing the
password didn't work correctly.
I traced this error back to the registry. As known, the
password is stored in the regstiry at the following
location.
HKEY_CURRENT_USER\Software\Cvsnt\cvspass
when you CLEAR the password using the cvsagent, it
does't clear this registry key and tortoise simple uses
the old password again meaning that the only way to
keep the system secure is to manually go to the
registry each time and remove this registry key.
Removing the password using cvsagent only restart the
password prompt but in fact it ignores it when cancel is
pressed and re-uses the old cached password.
Logged In: YES
user_id=382855
TortoiseCVS does not cache the password. Please report this
to the CVSNT people.
Logged In: YES
user_id=1312539
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).