On 13 Jan 2003, Ben Collins-Sussman wrote:
> <rbb@rkbloom.net> writes:
>
> > I just discovered that the svn client is caching passwords by default.
> > This seems like a huge security hole, especially since it isn't obvious
> > that it is being done [...]
>
> I'm not following your logic. It's a security hole because users
> don't know it's happening by default?
>
> (What would happen if every user read about it in documentation first?
> Would it still be a security hole?)

I'll give a simple example of why this sucks. As a senior developer, I
had a junior guy at my last company come and ask for a portable version of
getopt. I tar'ed up my APR distribution and gave it to him, telling him
to investigate APR if he really wanted portable C code. Since APR is
using CVS, that was safe to do. With SVN without this change, I just gave
a guy I don't trust (at least not enough to have my password) my password.
And, to make matters worse, I had no real way of knowing that I was doing
it.

As for documenting it first, no, I don't think that clears this up. This
is the kind of thing that should require the user to make a conscious
decision to enable it. And there should be a big warning to let the user
know what they are doing.

Ryan
Received on Mon Jan 13 21:13:43 2003