On 10/11/07, Michael Haggerty <mhagger@alum.mit.edu> wrote:
> Currently, when a naive user installs SVN and first contacts a remote
> repository, his password is stored in plain text under
> ~/.subversion/auth/. There is a storm of justifiable shock and outrage
> on the users' mailing list whenever this aspect of subversion is
> rediscovered.
>
> This patch changes the default behavior so that SVN does *not* store
> passwords to disk in the default configuration.
>
> I know there have been controversies around the "storing password"
> subject before. But I think that the present proposal sidesteps the
> most emotional issues:
>
> I do *not* argue that passwords should never be stored to disk.
>
> I do *not* argue that passwords should or should not be obfuscated on disk.
>
> I am only suggesting that the *default* behavior should not to treat
> people's passwords so recklessly. The "reckless" behavior can still be
> selected, but only by an explicit decision of the user.
These are only issues on *nix. Windows and OSX both store passwords
with strong encryption. I'd be an emphatic -1 to changing the default
behavior on those operating systems.
I know we cannot do strong encryption on *nix without dragging in a
bunch of dependencies. Is there something else that can be done?
I'd also be opposed to this patch unless we are going to implement
better (actually we don't have any exposed in JavaHL) API's for
working with the configuration files. I am kind of stuck when dealing
with these issues in Subclipse because I do not have any way to
examine or update the configuration other than going at the files
directly. Given that Subclipse is platform independent and the rules
for the configuration files are not, this is not trivial.
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 11 15:59:59 2007