[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: [PATCH] Obfuscate auth info

From: Fernandes, Filipe (Bolton) <ffernandes_at_husky.ca>
Date: 2006-10-18 15:48:49 CEST

Peter Samuelson wrote:
>
> [Fernandes, Filipe (Bolton)]
> > But having said that, it's still an issue for me and it's not far
> > enough that passwords are simply base64 encoded. Better, but not
> > nearly as good as if they were encrypted.
>
> How do you propose to encrypt the passwords?
>
> Do you want subversion to ask you for a password so it can decrypt your
> other password? Sounds a bit absurd to me - I mean, in that case, why
> bother to store the password at all? You should instead look at the
> 'store-passwords = no' setting in ~/.subversion/config.

No, definitely not and using the ssh approach to mitigate the risk seems
like it would be the same thing, having a password to secure a password...
a) I encrypt my private key and enter a password anyways, or b) have my
private key unencrypted and then have to worry about securing that.

>
> So, this is the sort of facility that belongs somewhere _outside_
> subversion. What you really want is for subversion to be able to
> interface with an OS facility for secure password management....

I'm all for it... :)

>
> Amazingly, subversion already does this! At least, it does if you use
> a platform that includes such a facility, namely Mac OS X or Windows
> NT. Password management glue for your favorite non-Windows, non-OS X
> system would, I'm sure, be welcome.

As mentioned in my previous e-mail I'm aware of SVN on Windows taking
advantage of this, but unfortunately, my suspicions seem to be correct about
taking advantage of a common facility on the UNIX platform (again I haven't
really looked this up, but I could be wrong here ;).

Does anyone know of a Linux/UNIX specific OS facility that could be take n
advantage of or maybe a platform independent product that could provide the
same kind of services? Is this one of those, 'this question has been asked
a million times already, and if there was one it would have already been
implemented' questions? ;)

filipe

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 18 15:49:14 2006

This is an archived mail posted to the Subversion Dev mailing list.