[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Question Re: Bug with "--non-interactive" (issue 3059)

From: Jack Repenning <jrepenning_at_collab.net>
Date: Wed, 2 Jan 2008 16:18:50 -0800

On Jan 2, 2008, at 4:02 PM, Branko Čibej wrote:

> I think it is a security issue. If Subversion was compiled with
> keychain
> support, it should IMHO never try to store passwords outside the
> keychain, regardless --(non-)interactive. Same goes for password
> encryption on Windows, although AFAIK that never requires the user to
> interactively enter a password.
> I see two possible solutions here:
> * Update our whole authn-provider-chain infrastructure so that an
> authn plugin can tell the authn store code to stop walking the
> chain -- effectively causing it to not store authentication info.

Interesting thought. This is similar to what auth-providers can do
within Apache and PAM, I believe: say "yes, it's OK" or "beats me, ask
someone else" or "absolutely not, don't bother asking anyone else."

In as much as we're only in this conversation due to an OS bug,
though, is it worth this much work?

> * A more Mac-specific solution would cause the keychain provider to
> lie that it had stored the username and password, even if it in
> fact didn't. This option seems like a bit of a wart, though.

Pretty icky. And what if we ever bite the bullet and solve the secure-
cache problem on Unix somehow? We'd be setting a precedent.

Jack Repenning
Chief Technology Officer
CollabNet, Inc.
8000 Marina Boulevard, Suite 600
Brisbane, California 94005
office: +1 650.228.2562
mobile: +1 408.835.8090
raindance: +1 877.326.2337, x844.7461
aim: jackrepenning
skype: jrepenning

To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-01-04 06:46:05 CET

This is an archived mail posted to the Subversion Dev mailing list.