[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFC: Encrypting ~/.subversion/auth on Windows

From: <kfogel_at_collab.net>
Date: 2004-11-12 22:14:42 CET

Ben Collins-Sussman <sussman@collab.net> writes:
> My question is: what problem are we trying to solve?
>
> Through repeated discussions with users, my impression is that the
> problem is that an administrator (or perhaps someone sitting with you
> at your terminal) can accidentally glance at a cleartext password.
>
> CVS solves this particular problem by doing a trivial rot-13-esque
> scrambling on the contents of .cvspass. Not real crypto, just enough
> to prevent accidental glances. Couldn't we do something like that?
> It would be simple It would be portable -- not requiring any
> OS-specific code.
>
> Somebody could do it as bite-sized task:
>
> * add a couple of scramble/descramble functions to libsvn_subr.
>
> * make the client-side auth cache use them. (the auth-cache files
> are just hashtables on disk; add a hash-key that describes the
> scramble method used.)
>
> * make the svnserve user-db file use them (and add a config
> variable to svnserve.conf that describes the scramble method).
>
> Seems pretty easy, and users ask about this problem all the time. I'd
> much rather see this done, rather than adding more "#ifdef win32"
> things to our code.

I think your solution is fine, if the problem is what you say it is.

But I'm not sure the problem is about accidental glances. People are
also worried about malicious glances. Yes, the password area is
perm-protected, but it's still in there in plaintext.

-K

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Nov 13 00:11:04 2004

This is an archived mail posted to the Subversion Dev mailing list.