Re: The --password and clumsy users issue

From: Martin Furter <mf_at_apache.org>
Date: Fri, 04 Jul 2014 09:40:22 +0530

On 07/04/14 04:47, Gabriela Gibson wrote:

> This is a summary of Ben's reply:
>
> Ben Reser wrote on Thu, Jul 03, 2014 at 12:54:58 -0700:
> > 1) Remove the option.
> > 2) Redact the password in the argv after starting up and finding the
> > bits to redact.

3) Allow the password to be supplied over stdin using the special value "-".

Nobody will see the password. The only leak is that a password has been
supplied using stdin. An attacker will have to convince the calling
application to run something different than svn which logs the password
to a file.

This can ofcourse be combined with 2).

- Martin
Received on 2014-07-04 06:11:04 CEST

This message: [ Message body ]
Next message: Ben Reser: "Re: The --password and clumsy users issue"
Previous message: Ben Reser: "Re: The --password and clumsy users issue"
In reply to: Gabriela Gibson: "The --password and clumsy users issue"
Next in thread: Ben Reser: "Re: The --password and clumsy users issue"
Reply: Ben Reser: "Re: The --password and clumsy users issue"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]