[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] default to --no-auth-cache

From: <rbb_at_rkbloom.net>
Date: 2003-01-14 22:31:13 CET

Sounds good. Expect something sometime this week. Exactly when depends
on how much my daughter sleeps.

Ryan

On 14 Jan 2003, Karl Fogel wrote:

> <rbb@rkbloom.net> writes:
> > That I would be willing to do, yes.
>
> Wonderful!
>
> And, I think there's a way we can have both security and convenience.
> How about this:
>
> - By default, we never cache auth data.
>
> - Whenever we prompt for a [user and] password, we also prompt
> asking whether to should remember the auth data for next time.
> Something like this:
>
> $ svn ci -m "log message"
> username: rbb
> password: ********
> Remember user and password for future contact with this repository?
> (Warning: the stored information will be visible to the
> system administrator, if they choose to look for it): n
> $
>
> (Answering `y' would have cached the data in ~/.subversion/foo/, in a
> some sort of table whose rows are repos UUID/username/password.)
>
> This gives us the convenience factor -- "I don't want to do something
> special to have my auth data cached, I just want it to work!" -- but
> without compromising on the security side -- "Subversion shouldn't
> store sensitive data without me telling it to!".
>
> We can later add config options and flags along the lines of
> `--always-store-auth-data', `--never-prompt-about-storing-auth-data',
> and so on. Consider these optimizations to the core proposal; and not
> with those actual names, of course.
>
> What do you think?
>
> -K
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jan 14 22:18:08 2003

This is an archived mail posted to the Subversion Dev mailing list.