[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Bug] "store-passwords = no" plus upgrading from 1.1->1.2 (or later) removes existing cached passwords

From: Max Bowsher <maxb_at_ukf.net>
Date: 2005-09-23 16:40:34 CEST

Malcolm Rowe wrote:
> On Fri, Sep 23, 2005 at 02:47:43PM +0100, Max Bowsher wrote:
>> Now do some operation with a 1.2 client which causes use of the password.
>> The auth cache file is rewritten to update it to the new format (addition
>> of a 'passtype' hash key), but because store-passwords = no, the password
>> is erroneously removed from the cache.
>
> That seems correct to me: with 'store-passwords = no', you're requesting
> that the client, well, not store passwords (or more correctly, to cease
> caching the password responses to server challenges). That the client
> doesn't proactively remove existing passwords from the cache when started
> with store-passwords=no is the real bug her, in my opinion (and no,
> not one worth worrying about either).

Regardless of your opinion about the definition of store-passwords, removing
a password from the cache purely as a side effect of a transparent upgrade
is *definitely* a bug.

In response to your opinion, I would like to note that I make extensive use
of 'store-passwords = no' to avoid accidentally caching important passwords,
whilst deliberately keeping a few low-value oft-used passwords cached.
Also, purging data as a side effect of a configuration option is far too
open to causing unpleasant surprises.

Max.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Sep 23 16:41:25 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.