[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Obfuscate auth info

From: Ph. Marek <philipp.marek_at_bmlv.gv.at>
Date: 2006-10-20 10:50:15 CEST

On Friday 20 October 2006 10:33, David Anderson wrote:
> On 10/20/06, Samay <getafix123@hotmail.com> wrote:
> > how about something similar to http://nsd.dyndns.org/pwsafe/ to manage
> > passwords within Subversion client side ... at least for the CLI ...
> I have three concerns at first glance:
...
> Integrating with a secure password store is not
> a silver bullet that will just magically work without work and care.
+1

> I feel that this thread has degraded into an amalgamation of two very
> separate issues. One is changing the current cleartext cache to an
> obfuscated-cleartext cache; the second, which got tagged on at some
> point, is integrating with secure password stores for operating
> systems other than Windows and OSX.
>
> I do not think that there is any debate whatsoever that the latter is
> desirable, and desired. [...] but patches are always welcome.
+1

> The first issue, however, is completely orthogonal to integration with
> secure stores. Assume an OS on which a systemwide secure store is not
> at all available. On such a system, passwords are currently cached
> cleartext, which provides zero security, and a medium to high risk of
> accidental disclosure (a grep that happens to match part of your
> password will print it to screen, for instance).
+1.
That's what I wanted to say; there's always some risk that passwords get
accidentally printed to the screen, and that someone (even if
high-priviledged) doesn't *want* to see them.

> The proposed patch does not change the security level of the cache
> (and goes out of its way to clearly indicate in the cache file that it
> doesn't). However, it reduces the risk of accidental disclosure to a
> much more reasonable level. The patch is very simple, and needs only
> minor tweaks to be immediately commitable.
+1

Dave,

thank you for this summary. I think the same, and hope that this (or some
similar) patch gets committed.
However, I believe that this won't happen, as I've already seen a few +1 on
leaving things as they are (JE, PL), so I fear that we (non-core-team) people
will be voted down.

Regards,

Phil

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Oct 20 10:50:43 2006

This is an archived mail posted to the Subversion Dev mailing list.