Re: [PATCH] Obfuscate auth info

From: Branko Čibej <brane_at_xbc.nu>
Date: 2006-10-19 09:51:23 CEST

James Courtier-Dutton wrote:
> Why not interface with ssh-agent, and get ssh-agent or an ssh-agent type
> program to store the passwords. Then, the passwords are lost at each
> reboot, and do not enter any backup tapes, so are only stored in memory
> for the duration of the session.
>

That idea has been kicked around in the past...

An ssh-agent type daemon wouldn't work for Subversion. AFAIU, ssh lets
ssh-agent do its authentication, so the identity never actually leaves
ssh-agent's (presumably secure, locked-down) cache.

It might work if you wrote a daemon that worked as a *proxy* for
Subversion (HTTP proxy, svnserve proxy -- all of that) so that password
data never have to travel between libsvn_ra_* and the proxy ... I don't
know how to do that efficiently.

-- Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 19 09:52:32 2006

This message: [ Message body ]
Next message: Branko Čibej: "Making ra_serf the default for DAV"
Previous message: Kamesh Jayachandran: "[PATCH][merge-tracking]get_merge_info_for_path eliding fails when ancestor has mergeinfo or null mergeinfo.(Take2)"
In reply to: James Courtier-Dutton: "Re: [PATCH] Obfuscate auth info"
Next in thread: Peter Samuelson: "Re: [PATCH] Obfuscate auth info"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]