
Re: [PATCH] don't store plain-text passwords by default

From: David Glasser <glasser_at_davidglasser.net>
Date: Fri, 18 Apr 2008 12:28:02 -0700

On Fri, Apr 18, 2008 at 6:37 AM, Stefan Sperling <stsp_at_elego.de> wrote:
> On Thu, Apr 17, 2008 at 09:08:31PM -0700, Eric Gillespie wrote:
> > Stefan Sperling <stsp_at_elego.de> writes:
> >
> > > People have been complaining about this forever. I really think we should
> > > finally start listening to our users. I realise that many on this list
> >
> > I'm mostly staying out of this, but I can't let this comment go
> > by. The users who complain about this may be vocal, but I see no
> > evidence they're not just a loud minority.
> They may be a vocal minority compared to the rest of the user base.
> But I don't think they are very few. I cannot provide exact figures,
> but neither can you. I believe that many people who don't like the
> current behaviour don't even bother posting their thoughts to our lists,
> they probably just look into the docs, think "oh why do I have to tell it
> NOT to store my password", go on to do so, and forget about it.
> I have never seen anyone post "please keep storing plain text passwords
> by default at all costs." Someone has posted "I will tell svn to store
> my password if this patch gets applied" to this thread. This is fine.
> That's what the feature is for. If there's a conscious decision involved,
> the goal has been met.

The problem is, it really does seem to be a bit of misdirection.

There are some problems involving individual users being upset about
saving the password, but IMHO the more legitimate complaint is
*administrators* not wanting passwords saved in plaintext. Making
this change will *not* help them: *all* of their users are going to
run --store-password once and forget about it. It *still* will be the
case that an administrator will need to either use non-password forms
of authentication, use randomly-generated passwords irrelevant to
anything but svn, or require all users to use a specially compiled
version of svn that ignores the new preference. It may lull them a
little, but it won't actually help.

(On the other hand, I'd still totally support a "slightly mangle
passwords on disk" password option so that the complaints of "I
shouldn't find passwords by accident by grepping for them" or "I
shouldn't have a password stick in my head because I opened the file
by accident" are handled.)


David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
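Both sides of this exchange argue about what ends up on disk in the client's auth cache without anyone being able to check it at scale, and Glasser's "grepping for them" remark is exactly how such a cache gets found. The script below is an added example, not code from this thread or from the Subversion project: it parses the per-realm cache files svn writes under ~/.subversion/auth/svn.simple/ (svn's hash-file layout of `K <len>` / key / `V <len>` / value records ending in `END`) and reports which entries hold a plaintext password, so a user or an administrator can audit what a client has actually cached rather than trust the default. It assumes that the `passtype` key is `simple` for plaintext storage and that an entry with a `password` but no `passtype` (older clients) is also plaintext; the realms, usernames and the encrypted blob are constructed sample data.

```python
"""Audit Subversion auth-cache entries for plaintext passwords.

Added example; not code from the mailing-list thread or from Subversion.
Assumes svn's hash-file format for ~/.subversion/auth/svn.simple/* and
that passtype == "simple" marks a password stored in the clear.
"""
from pathlib import Path
from typing import Dict, List

# Constructed sample entries in svn's hash-file layout (byte lengths must
# match the payload exactly, as svn's reader also checks them).
SAMPLE_PLAINTEXT = (
    b"K 8\npasstype\nV 6\nsimple\n"
    b"K 8\npassword\nV 9\ns3cret!pw\n"
    b"K 15\nsvn:realmstring\nV 48\n<https://svn.example.com:443> Example Repository\n"
    b"K 8\nusername\nV 5\nalice\n"
    b"END\n"
)
SAMPLE_ENCRYPTED = (
    b"K 8\npasstype\nV 8\nwincrypt\n"
    b"K 8\npassword\nV 12\nAQAAANCMnd8B\n"   # constructed opaque blob, not real ciphertext
    b"K 15\nsvn:realmstring\nV 32\n<https://svn.example.org:443> CI\n"
    b"K 8\nusername\nV 3\nbob\n"
    b"END\n"
)


def parse_svn_hash(data: bytes) -> Dict[str, str]:
    """Parse svn's hash-file format: K <len>\\n<key>\\nV <len>\\n<value>\\n ... END."""
    result: Dict[str, str] = {}
    pos = 0
    while True:
        nl = data.index(b"\n", pos)            # ValueError if the file is truncated
        header = data[pos:nl]
        pos = nl + 1
        if header == b"END":
            return result
        if not header.startswith(b"K "):
            raise ValueError(f"expected 'K <len>' at offset {pos}, got {header!r}")
        klen = int(header[2:].decode())
        key = data[pos:pos + klen]
        pos += klen + 1                        # skip the key and its newline
        nl = data.index(b"\n", pos)
        header = data[pos:nl]
        pos = nl + 1
        if not header.startswith(b"V "):
            raise ValueError(f"expected 'V <len>' at offset {pos}, got {header!r}")
        vlen = int(header[2:].decode())
        value = data[pos:pos + vlen]
        pos += vlen + 1
        result[key.decode()] = value.decode()


def classify_entry(entry: Dict[str, str]) -> str:
    """Return 'none' (no password cached), 'plaintext', or the passtype name."""
    if "password" not in entry:
        return "none"
    # Assumption: a password with no passtype key (older clients) is plaintext.
    passtype = entry.get("passtype", "simple")
    return "plaintext" if passtype == "simple" else passtype


def audit_cache(files: Dict[str, bytes]) -> List[str]:
    """Report every cache file that stores its password in the clear."""
    findings: List[str] = []
    for name, data in sorted(files.items()):
        try:
            entry = parse_svn_hash(data)
        except (ValueError, IndexError) as exc:
            findings.append(f"{name}: unparseable auth cache entry ({exc})")
            continue
        if classify_entry(entry) == "plaintext":
            findings.append(
                f"{name}: realm {entry.get('svn:realmstring', '?')!r}, "
                f"user {entry.get('username', '?')!r}: password stored in PLAINTEXT"
            )
    return findings


def audit_directory(directory: Path) -> List[str]:
    """Audit a real svn.simple directory (one file per realm)."""
    files = {p.name: p.read_bytes() for p in directory.iterdir() if p.is_file()}
    return audit_cache(files)


if __name__ == "__main__":
    cache_dir = Path.home() / ".subversion" / "auth" / "svn.simple"
    if cache_dir.is_dir():
        findings = audit_directory(cache_dir)
    else:
        findings = audit_cache({"sample-plain": SAMPLE_PLAINTEXT,
                                "sample-encrypted": SAMPLE_ENCRYPTED})
    for line in findings or ["no plaintext passwords found"]:
        print(line)
```

Run without arguments it audits the current user's own cache if present, otherwise the two constructed samples; only the `simple` entry is reported, the `wincrypt` one is left alone. This is precisely the check Glasser says a client-side default cannot enforce for an administrator: it tells you what a given client has stored, not what every client will store.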
Received on 2008-04-18 21:28:13 CEST

This is an archived mail posted to the Subversion Dev mailing list.
