
Re: [PATCH] don't store plain-text passwords by default

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Thu, 17 Apr 2008 14:09:01 -0400

Greg Hudson <ghudson_at_MIT.EDU> writes:
> Fundamentally, people are going to save their passwords if they don't
> have an acceptably convenient alternative. Keyring-type solutions are
> acceptably convenient; retyping your password for every network command
> is not. We can change the default, but it's not going to make anyone's
> usage scenario more secure than it is now. It might change a few
> perceptions, but it won't change any realities.

I don't think that's quite true (though frankly even just changing
perception is a worthy goal).

There's a big difference between Subversion storing plaintext passwords
without there ever being a moment when the user is made aware of this,
and Subversion only storing plaintext passwords after the user has had
to take an explicit step to permit it.

While *Subversion's* behavior will end up being the same in most cases,
the *users* might now behave differently. For example, the increased
awareness of Subversion's behavior could lead some people (especially
those in sensitive security environments) to choose different passwords
than they otherwise would. Or they might take the trouble to set up a
keyring solution when they otherwise wouldn't have.

The point is that switching the default confronts the user with more
information. Right now, many users are honestly surprised to learn that
Subversion is storing plaintext passwords -- we know this, because they
often post to say so. The point is to add the information to the system
earlier, removing the surprise and enabling people to make better
decisions from the start.

(Sure, if today's users thought about it carefully, they'd realize that
Subversion pretty much has to be storing plaintexts. But it's
unreasonable to expect people to realize it on their own initiative,
especially given that most people don't lie awake nights reasoning about
cryptography.)

-Karl

Received on 2008-04-17 20:09:56 CEST

This is an archived mail posted to the Subversion Dev mailing list.