[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: Justin Erenkrantz <jerenkrantz_at_apache.org>
Date: 2003-01-14 01:16:04 CET

--On Monday, January 13, 2003 13:39:52 -0800 rbb@rkbloom.net wrote:

> If I am using ssh tunneling with an actual account, I will not ever have a
> .cvspass file. I am using SVN over SSL, so I know that my passwords are
> safe over the network, but without this change, they aren't safe on my own
> hard-disk. Show me somebody who actually uses :pserver: with their _real_
> password, and I will show you a user with a security hole.

I know PHP only allows write access with CVS's pserver, so it's not unheard
of with CVS. It's a security hole, but so what? Their attitude is that
"it's versioned!" =)

If you want 'secure' local storage right now, you should be using ra_svn
with an appropriate SSH agent forwarding. No username/password combination
should be required then.

Ideally, when we have client certificate support in neon/Subversion, we'll
be able to present a client certificate and stop using basic HTTP auth when
using ra_dav. That will obviate any need for usernames and passwords.
(I'll make a case that the client certs definitely belong in ~/.subversion
- these would be similar to your ~/.ssh/identity* files.)

> The second difference is that CVS doesn't put the username/password combo
> in the checked out repository itself, SVN does. This means that you can't
> share your checked out repo with anybody, ever.

Which, as I suggested, following CVS with a file in ~/.subversion might be
a fair compromise solution.

But, I believe that if we disable auth caching by default, we've just made
the system that much harder to use for people familiar with CVS. We
*should* cache the passwords by default.

Claiming that it makes it more 'secure' hides the fact it makes it far less
'usable.' No one wants to type their password over and over again. What
you're suggesting is that people type their password everytime. They'll
get around that by having a little sticky-note on their monitor, or using
insecure-but-easy-to-remember passwords, or, probably, just turning on auth
caching. -- justin

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 01:16:51 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.