[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: <rbb_at_rkbloom.net>
Date: 2003-01-14 19:11:45 CET

On 14 Jan 2003, Karl Fogel wrote:

> <rbb@rkbloom.net> writes:
> > I realize that most people would like to have an auth cache by default,
> > but it is a security hole regardless of where you put the passwords on the
> > box. You need to make sure that the user knows what they are doing before
> > you write their password to the box. CVS makes it obvious by making you
> > "login" before it writes your password to the HD. SVN just writes the
> > password by default.
> >
> > I have no problem moving the auth cache out of the wc, I think that is a
> > requirement, but the default needs to be not saving the password to the
> > box. If people don't want to type their password on every operation, then
> > they either shouldn't use the WebDav transport, or we should implement
> > client certs (which is also on my short list of things to do).
> I think the security/convenience tradeoff starts to swing the other
> way at this point.
> Getting them out of the WC is necessary. People expect (from CVS)
> that a WC does not contain their passwords.
> But having it in ~/.subversion/, in a location readable only by that
> user and by root, is fine. Remember, we're talking about http basic
> auth passwords here -- anyone who has root on the client box could
> just sniff the network to get them too.
> So I think storing them in ~/.subversion/ rather than the WC is a good
> trade for us to make.

That's fine, but I won't implement it. I disagree with this solution, and
you are making a rather large assumption about being able to sniff the
network. I only use SVN over SSL, because of the ability to sniff the
password off the wire. Also, there is the ability to implement digest
authentication to resolve that problem.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 18:58:40 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.