Many servers are configured to require authentication on every request. This would be a big annoyance to users if they were forced to type their passwords over and over again. Fortunately, the Subversion client has a remedy for this—a built-in system for caching authentication credentials on disk. By default, whenever the command-line client successfully responds to a server’s authentication challenge, it saves the credentials in the user’s private runtime configuration area (~/.subversion/auth/ on Unix-like systems or %APPDATA%/Subversion/auth/ on Windows; see Runtime Configuration Area for more details about the runtime configuration system). Successful credentials are cached on disk and keyed on a combination of the server’s hostname, port, and authentication realm.
When the client receives an authentication challenge, it first looks for the appropriate credentials in the user’s disk cache. If seemingly suitable credentials are not present, or if the cached credentials ultimately fail to authenticate, the client will, by default, fall back to prompting the user for the necessary information.
The security-conscious reader will suspect immediately that there is reason for concern here. “Caching passwords on disk? That’s terrible! You should never do that!”
The Subversion developers recognize the legitimacy of such concerns, and so Subversion works with available mechanisms provided by the operating system and environment to try to minimize the risk of leaking ...
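To check what the cache described above actually holds on a given workstation, the following added example (not part of the original text or of Subversion itself) parses cache entries and reports which ones keep a password unencrypted, without ever printing the secret. It assumes the client's usual on-disk layout, which this passage does not spell out: one file per realm under `auth/svn.simple/`, in Subversion's `K <len>` / `V <len>` / `END` hash format, with a `passtype` of `simple` meaning plaintext. The sample records are constructed.

```python
import io
from pathlib import Path

def parse_svn_hash(data: bytes) -> dict:
    """Parse 'K <len>', key, 'V <len>', value, ..., 'END' into a dict."""
    stream, entry = io.BytesIO(data), {}
    while True:
        header = stream.readline().strip()
        if header in (b"END", b""):                  # terminator or truncated file
            return entry
        fields = []
        for tag in (b"K", b"V"):
            if tag == b"V":
                header = stream.readline().strip()
            name, _, length = header.partition(b" ")
            if name != tag or not length.isdigit():
                raise ValueError(f"malformed cache record: {header!r}")
            fields.append(stream.read(int(length)))  # lengths are byte counts
            stream.readline()                        # newline after the payload
        entry[fields[0].decode()] = fields[1]

def audit_entry(data: bytes) -> dict:
    """Summarize one cache file; the password itself is never returned."""
    entry = parse_svn_hash(data)
    passtype = entry.get("passtype", b"").decode()
    return {
        "realm": entry.get("svn:realmstring", b"").decode(errors="replace"),
        "username": entry.get("username", b"").decode(errors="replace"),
        "passtype": passtype,
        "plaintext": passtype == "simple" and "password" in entry,
    }

def audit_cache(auth_dir=None) -> list:
    """Audit every username/password entry (default: the Unix cache path)."""
    auth_dir = Path(auth_dir or Path.home() / ".subversion" / "auth" / "svn.simple")
    return [audit_entry(p.read_bytes()) for p in sorted(auth_dir.glob("*")) if p.is_file()]

def dump_svn_hash(fields: dict) -> bytes:
    """Build a constructed sample record in the same format (demo only)."""
    body = b"".join(b"K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v) for k, v in fields.items())
    return body + b"END\n"

# Constructed samples: host, realm, user and password are made up.
REALM = b"<https://svn.example.com:443> Example Repository"
SAMPLE_PLAIN = dump_svn_hash({b"passtype": b"simple", b"password": b"not-a-real-secret",
                              b"svn:realmstring": REALM, b"username": b"joe"})
SAMPLE_KEYRING = dump_svn_hash({b"passtype": b"gnome-keyring",
                                b"svn:realmstring": REALM, b"username": b"joe"})

if __name__ == "__main__":
    for record in (audit_entry(SAMPLE_PLAIN), audit_entry(SAMPLE_KEYRING)):
        print(record)
```

Calling `audit_cache()` with no argument reads the current user's own cache on a Unix-like system; pass the `%APPDATA%` equivalent on Windows.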