
Re: Feature Request: clients shouldn't store auth-creds

From: Michael W Thelen <mike_at_pietdepsi.com>
Date: 2005-01-05 23:29:55 CET

Ben Collins-Sussman wrote:
>> No, you're not alone. I don't like programs that silently spread my
>> passwords in different files on my hard drive without me noticing. There
>> are ways to avoid this, but if I am just a little bit ignorant... I don't
>> see why changing a default would be bad. Scripts can hardly rely on this
>> config option set to a specific value, so it can't break compatibility.
>> I am actually +1 on changing the default. This also sends a signal that
>> we are taking security seriously.
>
> I'd be okay with this also.
>
> But we'd better be ready for a slew of newbies asking us how to make
> subversion stop asking for their password. I predict it will jump into
> the top 10 FAQs on the users@ list.
>
> We may be gaining more security by default, but we're trading it for a
> chunk of convenience and user-friendliness.

Yes, although if the default is changed, the way for a user to change
Subversion's behavior becomes easier. Currently you must either edit a
config file (perhaps painful and/or confusing for the average user) or
remember to pass --no-auth-cache for every command, every time
(virtually impossible).

If the default changes, you may simply have to pass an --auth-cache flag
*once* for any command requiring authentication (easy, once you know
it's there). The FAQ answer becomes "Pass --auth-cache once and
Subversion will stop asking for your password" rather than "Find the
Subversion config file and edit it to turn off credential caching".

Subversion could even display such a message after a successful password
prompt, so the FAQ is answered immediately. (This may be considered too
distracting or may break output compatibility rules, though.) Something
like this:

$ svn ls http://example.com/repos
Username: joe
Password: *********
Use --auth-cache if you want Subversion to remember your password.

... rest of the output ...

-- 
Michael W Thelen
It is a mistake to think you can solve any major problems just with
potatoes.       -- Douglas Adams

Received on Wed Jan 5 23:33:46 2005
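
Added example, not part of the original mail and not Subversion's own code: an audit of the on-disk credential cache this thread is about, reporting which cached entries hold a plaintext password without ever returning the password itself. It assumes the client's cache layout (one file per realm under `~/.subversion/auth/svn.simple/`, in a length-prefixed `K`/`V` format, with `passtype` set to `simple` for plaintext); the function names and the sample entries are constructed for illustration.

```python
import os
import tempfile

def parse_hash_dump(data):
    """Parse the length-prefixed 'K n / key / V n / value ... END' format."""
    entries, pos, key = {}, 0, None
    while data[pos:pos + 4] != b"END\n":
        eol = data.index(b"\n", pos)              # ValueError if truncated
        tag, length = data[pos:eol].split(b" ")   # ValueError if malformed
        if tag not in (b"K", b"V"):
            raise ValueError("unexpected record tag")
        payload = data[eol + 1:eol + 1 + int(length)].decode("utf-8", "replace")
        pos = eol + 2 + int(length)               # skip payload and its newline
        if tag == b"K":
            key = payload
        else:
            entries[key] = payload
    return entries

def audit_auth_cache(auth_dir):
    """Return (file, username, realm, is_plaintext) per cached password."""
    findings, simple_dir = [], os.path.join(auth_dir, "svn.simple")
    for name in sorted(os.listdir(simple_dir)) if os.path.isdir(simple_dir) else []:
        with open(os.path.join(simple_dir, name), "rb") as fh:
            raw = fh.read()
        try:
            entry = parse_hash_dump(raw)
        except ValueError:
            continue                              # not a cache entry
        if "password" in entry:                   # the secret itself is never returned
            # assumption: an entry without passtype is treated as plaintext
            plaintext = entry.get("passtype", "simple") == "simple"
            findings.append((name, entry.get("username"),
                             entry.get("svn:realmstring"), plaintext))
    return findings

def build_sample_cache():  # constructed sample data, not real credentials
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "svn.simple"))
    samples = {"a1": {"passtype": "simple", "username": "joe", "password": "not-a\nEND\nreal"},
               "b2": {"passtype": "wincrypt", "username": "ann", "password": "b3BhcXVl"},
               "c3": {"username": "sam"}}
    for name, fields in samples.items():
        fields["svn:realmstring"] = "<http://example.com:80> constructed realm"
        body = "".join("K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v) for k, v in fields.items())
        with open(os.path.join(root, "svn.simple", name), "wb") as fh:
            fh.write(body.encode() + b"END\n")
    return root

if __name__ == "__main__":
    print(audit_auth_cache(build_sample_cache()))
```

Pointing `audit_auth_cache` at a real `~/.subversion/auth` directory lists the realms whose passwords were written to disk, which is the state `--no-auth-cache` avoids creating.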

This is an archived mail posted to the Subversion Dev mailing list.
