[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Change default "store-passwords" policy to "no"

From: Michael Haggerty <mhagger_at_alum.mit.edu>
Date: 2007-10-11 15:41:02 CEST

Currently, when a naive user installs SVN and first contacts a remote
repository, his password is stored in plain text under
~/.subversion/auth/. There is a storm of justifiable shock and outrage
on the users' mailing list whenever this aspect of subversion is
rediscovered.

This patch changes the default behavior so that SVN does *not* store
passwords to disk in the default configuration.

I know there have been controversies around the "storing password"
subject before. But I think that the present proposal sidesteps the
most emotional issues:

I do *not* argue that passwords should never be stored to disk.

I do *not* argue that passwords should or should not be obfuscated on disk.

I am only suggesting that the *default* behavior should not to treat
people's passwords so recklessly. The "reckless" behavior can still be
selected, but only by an explicit decision of the user.

I made this suggestion at the SVN summit last year, and I don't recall
any significant opposition to the suggestion, but we were soon immersed
in a heated discussion about other related issues. Therefore I cannot
say whether a consensus was ever reached on this more modest proposal.

If this change is accepted, then I other documentation (e.g., the FAQ)
will have to be changed. I would be happy to submit a more
comprehensive patch at that time (though I'd appreciate pointers to
other places that might be affected).

Humbly yours,
Michael

[[[
Change the default for the "store-passwords" option to "no".

* subversion/libsvn_subr/cmdline.c (svn_cmdline_setup_auth_baton):
  If the "store-passwords" option is not specified in the user's
  config file, let it default to FALSE.

* subversion/libsvn_subr/config_file.c (svn_config_ensure): Change the
  text written to ~/.subversion/config to reflect the new default.
]]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Thu Oct 11 15:41:29 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.