On Wed, Oct 18, 2006 at 03:12:15PM +0200, Alex Holst wrote:
> Quoting Malcolm Rowe (malcolm-svn-dev@farside.org.uk):
> > Obfuscating passwords solves two problems:
> > 1. It prevents accidental disclosure (e.g. 'grep -r pony ~', if your
> > password is 'i-want-a-pony', your non-malicious sysadmin reading
> > it by mistake, that kind of thing).
> > 2. It stops people complaining that "HEY SUBVERSION IS STORING MY PASSWORD IN
> > THE CLEAR!!1".
>
> While such a change may stop users complaining,
> it won't stop subversion from storing the password (effectively) in the
> clear.
>
> None of this will stop attackers.
Both true, though neither of those is in any way the intended goal for
this change.
> And, while the change may indeed stop
> users from complaining, you'll simply end up with security professionals,
> like me, complaining that subversion "tricks" users into not
> investigating alternatives to plain text passwords.
>
We'd ideally like to implement an equivalent to Keychain or CryptoAPI on
Unix-like platforms, possibly via the mythical svn-agent, or via
something like gpg-agent or ssh-agent.
But we've been saying that for the past few years. In the meantime, we
still store passwords in plaintext, and this makes some people
uncomfortable.
Yes, we absolutely do not want to mislead people about what we're doing,
but that's what the large warning in the auth file is for. Is that not
good enough?
Regards,
Malcolm
Received on Wed Oct 18 19:24:05 2006