[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: <rbb_at_rkbloom.net>
Date: 2003-01-13 21:26:52 CET

On 13 Jan 2003, Ben Collins-Sussman wrote:

> <rbb@rkbloom.net> writes:
>
> > I just discovered that the svn client is caching passwords by default.
> > This seems like a huge security hole, especially since it isn't obvious
> > that it is being done [...]
>
> I'm not following your logic. It's a security hole because users
> don't know it's happening by default?
>
> (What would happen if every user read about it in documentation first?
> Would it still be a security hole?)

I'll give a simple example of why this sucks. As a senior developer, I
had a junior guy at my last company come and ask for a portable version of
getopt. I tar'ed up my APR distribution and gave it to him, telling him
to investigate APR if he really wanted portable C code. Since APR is
using CVS, that was safe to do, with SVN without this change, I just gave
a guy I don't trust (at least not enough to have my password) my password.
And, to make matters worse, I had no real way of knowing that I was doing
it.

As for documenting it first, no I don't think that clears this up. This
is the kind of thing that should require the user to make a conscious
decision to enable it. And, there should be a big warning to let the user
know what they are doing.

Ryan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jan 13 21:13:43 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.