Re: [PATCH] default to --no-auth-cache

From: <rbb_at_rkbloom.net>
Date: 2003-01-13 22:39:52 CET

On Mon, 13 Jan 2003, Justin Erenkrantz wrote:

> --On Monday, January 13, 2003 14:06:48 -0600 "B. W. Fitzpatrick"
> <fitz@red-bean.com> wrote:
>
> > I'd like to +1 this patch. If we don't switch the password caching
> > behavior to off by default, we're going to wind up getting a BUGTRAQ
> > nastygram, a truckload of bad press, and then have to turn it off by
> > default anyway.
>
> Sorry, but I disagree. CVS stores its passwords in ~/.cvspass using simple
> base-64 encoding. This is no less of a security hole than it was in CVS.
> The only difference is that it is stored in the working copy, not in your
> home directory. Perhaps we should move the passwords to being in your
> ~/.subversion directory. (Although I think there are reasons not to move
> it there though.)
>
> If you use ra_svn with SSH tunneling, you have the same effect as CVS with
> SSH tunneling - no passwords are stored locally.
>
> I believe that this change is only going to result in frustrated users and
> make it harder to use SVN out of the box. Everyone *wants* password
> caching - security risk or not. -- justin

There are actually a number of differences between the way that CVS does
this and the way that SVN does this. In CVS, I only get .cvspass if I am
using :pserver: and I log in. Which, most people agree, is a security hole.
If I am using ssh tunneling with an actual account, I will not ever have a
.cvspass file. I am using SVN over SSL, so I know that my passwords are
safe over the network, but without this change, they aren't safe on my own
hard disk. Show me somebody who actually uses :pserver: with their _real_
password, and I will show you a user with a security hole.

The second difference is that CVS doesn't put the username/password combo
in the checked out repository itself, SVN does. This means that you can't
share your checked out repo with anybody, ever.

Ryan

Received on Mon Jan 13 22:26:44 2003

This is an archived mail posted to the Subversion Dev mailing list.