[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Change default "store-passwords" policy to "no"

From: Travis P <svn_at_castle.fastmail.fm>
Date: 2007-10-11 21:45:44 CEST

On Oct 11, 2007, at 2:10 PM, Jack Repenning wrote:

> On Oct 11, 2007, at 7:04 AM, Erik Huelsmann wrote:
>
>> On 10/11/07, Ph. Marek <philipp.marek@bmlv.gv.at> wrote:
>>> On Donnerstag, 11. Oktober 2007, Mark Phippard wrote:
>>>> These are only issues on *nix. Windows and OSX both store
>>>> passwords
>>>> with strong encryption. I'd be an emphatic -1 to changing the
>>>> default
>>>> behavior on those operating systems.
>>>>
>>>> I know we cannot do strong encryption on *nix without dragging in a
>>>> bunch of dependencies. Is there something else that can be done?
>>> AFAIK the svn libraries and binaries already require openssl
>>> linking ... so
>>> that should already be included, no?
>>
>> Not if you only build svn://, right?
>
> Tangenting back off the original proposal, seems like it would be a
> far more useful investment of time to enable encrypted storage on
> *nix when OpenSSL is available.
>
> We (speaking in his CollabNet voice, now) do have customers,
> prospective customers, and lost customers who get very hot-and-
> bothered by this storing of clear-text passwords. Some accept
> "it's not REALLY any worse than CVS," some accept "you can tell
> your users to turn that off," and some accept "well, on Windows and
> OS X it's much better," but some don't buy any of that (and even
> the latter is kind of a black eye for Linux and most other Unices).

Having OpenSSL is not enough. It gets more complicated. For
example, think about where the secret key that was used to encrypt
the passwords should be stored between invocations of the svn CLI
client?

MacOS X and Windows have conveniently included-with-the-OS and thus
guaranteed-available systems that users are used to using. It's
great that Subversion takes advantage of them. Other Un*x/Linux
systems aren't so standardized, if they have anything of the sort at
all.

I think if you search the archives of this list, you'll find these
issues discussed. The solution for non-Mac/Windows systems might be
a new "svn-agent" program that could function as the long-running-
process private key holder, just as ssh-agent does for ssh.

-Travis

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 11 21:45:28 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.