Re: [PATCH] obscure password

kfogel@collab.net wrote:
> Thanks for the patch. This topic has come up before, as you might
> imagine, and we've decided not to obscure the password, because it
> might give a false sense of security (the directory's permissions
> protect the password, of course).

Since it's your (unfortunate IMHO) decision, I don't argue with that.

> There's nothing hacky about your solution, and "perfectionism" doesn't
> really enter into it. It's just that we don't want to appear to be
> giving more security than we actually do.

Fair enough. But if you would really want to appear as insecure as it
is, I would like to suggest two things.

1) add a note in the explanation of "store-passwords" in .subversion/config.

2) make "store-passwords" default to "no".

In this way, people, who might find being asked their password every
time very annoying, will need to find that "store-passwords = yes" is
needed to avoid it. And the note like, say, "Your password will be
stored in cleartext in ~/.subversion/auth/..." will be given to them.

In current way, many people don't even realize that their password is
being stored in plaintext. Giving no information might be better than
giving a false sense but giving a note is better than giving no heads-up
in my opinion.

Thanks,
-- Hiroshima

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Mar 12 22:47:02 2006