[PATCH] obscure password

From: HIROSHIMA Naoki <nh-svn_at_iron-horse.org>
Date: 2006-03-12 21:25:44 CET


Since I have never used Subversion with anything other than
svn+ssh, it has never been an issue for me. But when I started using
https recently, I realized that my password was stored in cleartext in
~/.subversion/auth/svn.simple/whatever. Not so great.

Then I googled the archives but couldn't find any patch or plan to
solve it. So I wrote a silly patch, below, that makes a password
somewhat obscure using base64.

Maybe the Subversion guys are such perfectionists that this kind of hack is
just not wanted at all. I agree that while this way actually doesn't
improve current security, it might give people the wrong impression.

But I believe this silly hack is still better than nothing until proper
ways are implemented by someone in the future.

-- Hiroshima

Index: subversion/libsvn_subr/simple_providers.c
--- subversion/libsvn_subr/simple_providers.c (revision 18843)
+++ subversion/libsvn_subr/simple_providers.c (working copy)
@@ -86,7 +86,10 @@
    if (str && str->data)
- *password = str->data;
+ char *decoded_password;
+ decoded_password = apr_palloc(pool, apr_base64_decode_len(str->data));
+ apr_base64_decode(decoded_password, str->data);
+ *password = decoded_password;
        return TRUE;
    return FALSE;
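
Review bot: the added `apr_base64_decode(decoded_password, str->data);` runs on every stored value, so a credential file written before this change, which holds the password as cleartext, gets decoded into garbage and authentication fails with nothing telling the user why. The read path needs a way to tell the two formats apart, for example a separate entry in the stored hash that records the encoding, with the old cleartext path kept when that entry is absent. The return value of `apr_base64_decode` is also ignored; checking the decoded length would catch malformed input. A comment here should say that this is obfuscation only and that the file still needs restrictive permissions.
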
@@ -102,8 +105,11 @@
                      svn_boolean_t non_interactive,
                      apr_pool_t *pool)
+ int len = strlen(password);
+ char *encoded_password = apr_palloc(pool, apr_base64_encode_len(len));
+ apr_base64_encode(encoded_password, password, len);
- svn_string_create(password, pool));
+ svn_string_create(encoded_password, pool));
    return TRUE;
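
Review bot: `svn_string_create(encoded_password, pool)` stores the encoded value under the same key as the old cleartext value, and nothing in this hunk records that the format changed, so an older client reading this file will send the base64 text as the password. Writing an explicit format marker next to the password would let both old and new readers behave predictably. In `int len = strlen(password);` the `size_t` result is narrowed to `int`; that matches the `int` parameter of `apr_base64_encode_len` but deserves a cast or a length check. Since base64 is reversible without any key, the code comment and the user documentation should state that the stored password is encoded, not encrypted.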

Received on Sun Mar 12 21:28:16 2006

This is an archived mail posted to the Subversion Dev mailing list.