Re: [PATCH] Obfuscate auth info

Quoting Malcolm Rowe (malcolm-svn-dev@farside.org.uk):
> Obfuscating passwords solves two problems:
> 1. It prevents accidental disclosure (e.g. 'grep -r pony ~', if your
> password is 'i-want-a-pony', your non-malicious sysadmin reading
> it by mistake, that kind of thing).
> 2. It stops people complaining that "HEY SUBVERSION IS STORING MY PASSWORD IN
> THE CLEAR!!1".

Please don't do this. Whilte Such a change may stop users complaining,
it won't stop subversion from storing the password (effectivly) in the
clear.

None of this will stop attackers. And, while the change may indeed stop
users from complaning, you'll simply end up with security professionals,
like me, complaining that subversion "tricks" users into not
investigating alternatives to plain text passwords.

To quote Thomas Ptacek (replace 'SAN' with 'svn'): "The lack of
superficial (or worse, complicated) security mechanisms forces operators
to confront the fact that SAN security requires network architecture
support." -- http://www.matasano.com/log/203/radioactive/

Users who complain about the risk of plain text passwords need to be
educated and motivated to move to ssh keys, certificates or full disk
encryption (or switch to an OS that provides a safe method of storing
passwords).

-- 
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow.                http://a.mongers.org 
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org