[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Obfuscate auth info

From: Branko Čibej <brane_at_xbc.nu>
Date: 2006-10-19 09:51:23 CEST

James Courtier-Dutton wrote:
> Why not interface with ssh-agent, and get ssh-agent or an ssh-agent type
> program to store the passwords. Then, the passwords are lost at each
> reboot, and do not enter any backup tapes, so are only stored in memory
> for the duration of the session.
>

That idea has been kicked around in the past...

An ssh-agent type daemon wouldn't work for Subversion. AFAIU, ssh lets
ssh-agent do its authentication, so the identity never actually leaves
ssh-agent's (presumably secure, locked-down) cache.

It might work if you wrote a daemon that worked as a *proxy* for
Subversion (HTTP proxy, svnserve proxy -- all of that) so that password
data never have to travel between libsvn_ra_* and the proxy ... I don't
know how to do that efficiently.

-- Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 19 09:52:32 2006

This is an archived mail posted to the Subversion Dev mailing list.