[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: subversion reveals passwords

From: Hadmut Danisch <hadmut_at_danisch.de>
Date: Mon, 07 Apr 2008 00:08:14 +0200

Erik Huelsmann wrote:
> Well, there's a big chance of me being perceivede as rude after my
> next statement, but this has been discussed *many* times before.
Well, this is not exactly rude, it is more a sort of ignorance.

How many times does it have to be discussed until people finally
understand that it is an absolute no-go to store passwords in plaintext
without user consent?

Telling that it has been discussed *many* times is not a statement
that your point of view is correct. It is rather a statement that
discussing is
sort of pointless.

I've seen the same arguments as in this discussion two weeks ago on the
users mailing list. The arguments are wrong because they confuse the
security on the wire and the authentication protocol with the security of
local storage.

Maybe I am rude when I tell that repeating a flaw a hundred times, it does
not become correct or better in any way.

On the contrary, it is an extremely bad habit of maintainers to claim that
something is correct just because it has been discussed (and arguments have
been ignored) so many times.

Maybe the fact that this issue had been raised so many times should ring
a bell.

> The choice to store passwords in plain text has been a very conscious
> decision; it has also been replaced by more appropriate storage
> mechanisms on platforms which support that (Keychain on OSX,
> Crypto-API on Windows). Unfortunately, Linux doesn't feature a
> *standardized* crypto-agent. We don't need people lecturing us what's
> secure and what's not: we need people implementing secure storage
> mechanisms or patches to Subversion to support these mechanisms.

Well, I would say if someone silently stores a password in plaintext
and doesn't realize the problem, then a lecture would not be a
good point to start with.

But I am not sure what it takes if so many people have raised that issue
before and the maintainers still did not get the point, instead use the
argument that this has been ignored so many times. I do agree that
does not make much sense anymore in such a case.

I have no idea what people where conscious of when making that decision.
But it is not a good decision.

BTW: There are storage mechanisms under Linux, e.g. the KDE and gnome


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-07 00:08:27 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.