[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFA: Encrypting auth info

From: Branko Čibej <brane_at_xbc.nu>
Date: 2005-02-16 17:00:27 CET

Justin Erenkrantz wrote:

> --On Wednesday, February 16, 2005 4:40 PM +0100 "Branko ?ibej"
> <brane@xbc.nu> wrote:
>
>> brane : i'd much rather see a generic API that lets the auth provider
>> say, "this bit of data is sensitive, do your best with it"
>> brane : on windows, we could use strong encryption
>> brane : on most unices, we could eventually be persuaded to ROT-13
>> brane : (really, all those who request this do have a point)
>> brane : althouth the false-sense-of-security argument still holds, of
>> course
>
>
> And, there is the fundamental problem: we have no way of guaranteeing
> cross-platform strong encryption. If Win32 can do this, then just add
> a Win32-only provider. Yet, one API that has strong encryption on
> Win32, but ROT-13 on Unix is incredibly dangerous.

Why? I know I said "encrypt the password", but what I really mean is
"handle sensitive data", and nobody should know or care about what the
implementation does. Right now we face the situation that it's not even
obvious from the code /which/ data are sensitive.

Why should the average user have to worry about encrypting their
~/.subversion/auth, if the package maintainer can do it provided we give
them the right hooks (which they currently don't have)?

And because we don't have this mechanism in our API, other clients
(TortoiseSVN is an example here) aren't sharing auth info with the
command-line client.

-- Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 16 17:03:39 2005

This is an archived mail posted to the Subversion Dev mailing list.