[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: auth cache (was: svn commit: rev 5006 ...)

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2003-02-24 16:26:36 CET

Greg Stein <gstein@lyra.org> writes:

> * server A is CollabNet's server, holding SourceCast source
> - access via https using your corporate password
> * server B is svn.collab.net, holding Subversion source
> - access via http using your svn.c.n password
> * your working copy uses svn:externals to aggregate these two
>
> Now, you go to do a commit and enter your user/pass for CollabNet's servers.
> It is nicely protected via https, all is good. Then svn goes to commit
> against svn.collab.net and it sends your corporate password over the public
> Internet in the clear via http:.
>
> See the problem? :-)

Yeah, I see. Rats. Sigh, I'll revert. :-)

So the original itch we were trying to solve was the fact that
TortoiseSVN, a long-lived GUI client, had this long-lived auth_baton
that was being re-used on svn_client_foo() calls. Every single call
to svn_client_foo() was causing a prompt for creds. Do we have any
other solutions to this problem?

The only thing I can think of is to do what Philip suggested about
svn_client_add() -- make *all* the svn_client_foo() functions take a
*list* of targets. That way everything can happen in a single RA
session.

Of course, what if the user runs 'svn ls URL1 URL2 URL3', and URL2
happens to be a different server? Ugh.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Feb 24 14:28:05 2003

This is an archived mail posted to the Subversion Dev mailing list.