[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: <rbb_at_rkbloom.net>
Date: 2003-01-14 00:25:23 CET

On 13 Jan 2003, Philip Martin wrote:

> <rbb@rkbloom.net> writes:
>
> > What is the argument for not caching the username?
>
> Huh? Obviously some people consider usernames to be sensitive.

Granted, they are potentially sensitive in some cases. Usually because
they allow an attacker a place to start when they are trying to guess
username/password combinations. But in real-life, is this really an issue
for an SCM system? The chances that you would need to protect your
username from somebody who shares the system with you is slim (there are
better ways to get valid usernames). The chances that you would need to
protect your username from somebody that you give your wc to is even
slimmer (They most likely already know your username).

So, while usernames are sensitive, I don't agree that they are sensitive
in the context of an SCM system, especially since every other SCM I have
ever used stores the username inside of the checked out code.

> Also, suppose I want to treat a working copy as read-only, then I
> don't want 'svn st -u' to write auth data.

'svn st -u' shouldn't be adding auth data to the wc if it wasn't there to
begin with. IMHO, only checkout and update should be modifying the cached
auth information.

Ryan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 00:12:19 2003

This is an archived mail posted to the Subversion Dev mailing list.