On Jan 2, 2008, at 4:02 PM, Branko Čibej wrote:
> I think it is a security issue. If Subversion was compiled with
> keychain
> support, it should IMHO never try to store passwords outside the
> keychain, regardless --(non-)interactive. Same goes for password
> encryption on Windows, although AFAIK that never requires the user to
> interactively enter a password.
>
> I see two possible solutions here:
>
> * Update our whole authn-provider-chain infrastructure so that an
> authn plugin can tell the authn store code to stop walking the
> chain -- effectively causing it to not store authentication info.
Interesting thought. This is similar to what auth-providers can do
within Apache and PAM, I believe: say "yes, it's OK" or "beats me, ask
someone else" or "absolutely not, don't bother asking anyone else."
In as much as we're only in this conversation due to an OS bug,
though, is it worth this much work?
> * A more Mac-specific solution would cause the keychain provider to
> lie that it had stored the username and password, even if it in
> fact didn't. This option seems like a bit of a wart, though.
Pretty icky. And what if we ever bite the bullet and solve the secure-
cache problem on Unix somehow? We'd be setting a precedent.
-==-
Jack Repenning
Chief Technology Officer
CollabNet, Inc.
8000 Marina Boulevard, Suite 600
Brisbane, California 94005
office: +1 650.228.2562
mobile: +1 408.835.8090
raindance: +1 877.326.2337, x844.7461
aim: jackrepenning
skype: jrepenning
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-01-04 06:46:05 CET