Re: non-interactive user authentication

From: Philip Martin <philip_at_codematters.co.uk>
Date: 2002-10-07 23:24:10 CEST

Kevin Pilch-Bisson <kevin@pilch-bisson.net> writes:

> On Mon, Oct 07, 2002 at 10:16:40PM +0100, Philip Martin wrote:
> > Kevin Pilch-Bisson <kevin@pilch-bisson.net> writes:
> >
> > > I don't see the problem with either of:
> > > 1) Never prompt at all
> >
> > Allowing people to specify --username/--password is OK, but requiring
> > them to do it is not acceptable since passing such information via the
> > command line can be a security risk.
> >
> Right, so once their script fails with the empty uname/password, they can set
> it up to use a cached one.

How do they do that if there is never a prompt? The security risk is
not just putting the stuff in a script, it's also a risk putting it on
the process's command line where it is visible to other processes.

-- 
Philip Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Oct 7 23:24:49 2002

This message: [ Message body ]
Next message: Kevin Pilch-Bisson: "Re: non-interactive user authentication"
Previous message: Kevin Pilch-Bisson: "Re: non-interactive user authentication"
In reply to: Kevin Pilch-Bisson: "Re: non-interactive user authentication"
Next in thread: Kevin Pilch-Bisson: "Re: non-interactive user authentication"
Reply: Kevin Pilch-Bisson: "Re: non-interactive user authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]