Hello,

from my point of view, the dont-save-plaintext-passwords-by-default
branch is done. Many, many thanks to everyone who contributed helpful
feedback and suggestions, especially to Daniel Shahaf, Mark Phippard,
David Glasser and Karl Fogel. Without these guys this branch wouldn't
be where it's at now.

Summary of the functionality implemented:

Add a 'store-plaintext-passwords' option, which can be set to
'yes', 'no', or 'ask' (which is the default). If the option
is set to 'ask', ask the user before saving plaintext passwords
to disk. This is done from a callback that should be implemented
by all clients.

If a client does not implement the callback, and does not provide
an explicit default value, we default to storing plaintext passwords.
I don't like this, but it's a compromise because we don't really want
the semantics of the old API to change retrospectively.

We can, however, change this default anytime by tweaking a single
line of code, should we decide to do so. The old interfaces have
been deprecated.

Provide an implementation of the callback for our command line
client, which prints a warning and a prompt, which looks like this:

    Authentication realm: <svn://localhost:3690> My First Repository
    Username: harry
    Password for 'harry':
    -----------------------------------------------------------------------
    ATTENTION! Your password is going to be stored to disk unencrypted!
    -----------------------------------------------------------------------
    You can get rid of this warning by editing /home/stsp/.subversion/config
    and setting 'store-plaintext-passwords' to either 'yes' or 'no'.
    Store password unencrypted (yes/no)?

The option can be specified both in the ~/.subversion/config
file (global default), and the ~/.subversion/servers file,
where the global default can be overridden on a per-server basis.
The option is ignored if it occurs in the [global] section of
the servers file, to avoid ambiguous global defaults.

Please consult the log messages of the branch for a detailed list
of changes:

    svn log --stop-on-copy \
      http://svn.collab.net/repos/svn/branches/dont-save-plaintext-passwords-by-default

You can get the diff like this:

    svn diff http://svn.collab.net/repos/svn/trunk@30726 \
      http://svn.collab.net/repos/svn/branches/dont-save-plaintext-passwords-by-default

I'd like to merge this into trunk, but will wait patiently for a
few +1's before doing so. Since this change has been quite
controversial, I want to make sure we have something here that
is accepted by a large majority of the community.

Thanks,
--
Stefan Sperling <stsp_at_elego.de> Software Monkey
German law requires the following banner :(
elego Software Solutions GmbH HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96
13355 Berlin Fax: +49 30 23 45 86 95
http://www.elego.de CEO: Olaf Wagner
Store password unencrypted (yes/no)? No
Received on 2008-04-22 08:32:30 CEST
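
Added example (not part of the original message and not Subversion's own code): a small Python model of the lookup order the message describes, including the fallback when a client supplies no callback. The [auth] section name in config, the host names, and the helper names effective_setting and may_store_plaintext are assumptions made for illustration; server groups are matched with simple glob patterns.

```python
import configparser
from fnmatch import fnmatch

OPTION = "store-plaintext-passwords"

# Constructed sample files, not taken from the original message.
CONFIG = """
[auth]
store-plaintext-passwords = no
"""
SERVERS = """
[groups]
internal = *.corp.example
[global]
store-plaintext-passwords = yes
[internal]
store-plaintext-passwords = ask
"""

def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser

def effective_setting(host, config_text=CONFIG, servers_text=SERVERS):
    """Return 'yes', 'no' or 'ask' for host, per the precedence in the message."""
    config, servers = _parse(config_text), _parse(servers_text)
    # Global default from config; [auth] is an assumed section name.
    value = config.get("auth", OPTION, fallback="ask")
    # Per-server override from servers. [global] is never consulted.
    if servers.has_section("groups"):
        for group, patterns in servers.items("groups"):
            if group == "global":
                continue
            if any(fnmatch(host, p.strip()) for p in patterns.split(",")):
                value = servers.get(group, OPTION, fallback=value)
    if value not in ("yes", "no", "ask"):
        raise ValueError(f"invalid {OPTION} value: {value!r}")
    return value

def may_store_plaintext(host, prompt=None, **files):
    """Decide whether a password may be written to disk unencrypted."""
    value = effective_setting(host, **files)
    if value != "ask":
        return value == "yes"
    if prompt is None:
        # Client without the callback and without an explicit default:
        # the compromise described in the message is to store.
        return True
    return bool(prompt(host))
```

With the sample files, a host outside the "internal" group resolves to 'no' even though the servers file sets 'yes' under [global], and a host inside the group is stored in plaintext whenever no prompt callback is passed.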