[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] don't store plain-text passwords by default

From: Martin Furter <mf_at_rola.ch>
Date: Mon, 21 Apr 2008 01:46:52 +0200 (CEST)

On Fri, 18 Apr 2008, Stefan Sperling wrote:

> On Thu, Apr 17, 2008 at 09:08:31PM -0700, Eric Gillespie wrote:
>> Stefan Sperling <stsp_at_elego.de> writes:
>>
>>> People have been complaining about this forever. I really think we should
>>> finally start listening to our users. I realise that many on this list
>>
>> I'm mostly staying out of this, but I can't let this comment go
>> by. The users who complain about this may be vocal, but I see no
>> evidence they're not just a loud minority.
>
> They may be a vocal minority compared to the rest of the user base.
>
> But I don't think they a very few. I cannot provide exact figures,
> but neither can you. I believe that many people who don't like the
> current behaviour don't even bother posting their thoughts to our lists,
> they probably just look into the docs, think "oh why do have to tell it
> NOT to store my password", go on to do so, and forget about it.
>
> I have never seen anyone post "please keep storing plain text passwords
> by default at all costs." Someone has posted "I will tell svn to store
> my password if this patch gets applied" to this thread. This is fine.
> That's what the feature is for. If there's a concious decision involved,
> the goal has been met.

Please keep storing plain text passwords by default at all costs!

You asked for it ;)

I'm against another few quick hacks without a clean design.

This "don't store plain-text" patch will just annoy the users and everyone
will go back to the old behaviour. Additionally those loud security people
will continue complaining because the problem isn't solved.

Also people start adding other auth stuff like kwallet and I guess all of
them pull in extra libs and add random calls into those libs which maybe
popup windows and whatever... I don't think anyone will distribute
subversion binaries with any of those auth options enabled if it pulls in
lots of unrelated libraries. And I fear it will have as awful startup
times as other kde/gnome applications have.

I think all that stuff should go into loadable modules which can be
enabled or disabled in /etc/subversion/config (or maybe a new file in
there). Administrators will be able to choose which modules they install
and which they don't because they're too 'insecure'.

An svn-agent like ssh-agent would also be a nice thing to have.

Just my 2 cents.

Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-22 09:54:04 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.