Insecure vault command line (rememberlogin)

pjmills · Post by **pjmills** » Thu Jun 03, 2004 11:48 pm

The REMEMBERLOGIN option for the vault command line (v2.0.3) seems to store the user's name and password in CLEAR text in the following file:

%userprofile%\Application Data\SourceGear\Vault_1\Client\vault_cmdline_client_session.txt

We wanted to setup automated builds on a build machine but this insecurity (clear text password) presents a problem. Do you have a recommended workaround?

thanks,
Paul J. Mills

Post by **jclausius** » Fri Jun 04, 2004 7:07 am

Not at this time. You could choose not use use REMEMBER login altogether.

I've logged an enhancement request that this information be stored in an encrypted format.

Post by **jclausius** » Fri Jun 04, 2004 7:11 am

I should note, the Command Line Client (CLC) code is freely available to all licensed Vault users.

If it is imperative that you have this, and cannot wait for the enhancement, you could modify the CLC code, and create your own client which encrypts this information.

Just a suggestion.

christian · Post by **christian** » Thu Dec 16, 2004 4:12 am

jclausius wrote: I've logged an enhancement request that this information be stored in an encrypted format.

Can you add my vote to this enhancement request.
Thanks

matzen · Post by **matzen** » Thu Dec 16, 2004 4:20 am

what about using NTFS access controll to the file?
you also may use NTFS encryption to add security.