
Re: [PATCH] don't store plain-text passwords by default

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 22 Apr 2008 18:49:37 +0200

On Tue, Apr 22, 2008 at 04:44:00PM +0200, Martin Furter wrote:
>> Is all this OK for you?
>
> Sorry that I didn't follow your work close enough...
> That sounds good.

OK.

>> Other systems have their own ways of dealing with compile-time dependencies.
>> Compile-time dependencies are not exactly uncommon.
>
> There are many users out there who never compile anything on their machine
> because they just run "apt-get install" or similar commands. For those
> distros it must be possible to separate the auth modules from the rest of
> subversion. If they're not modules installing subversion would pull in all
> dependencies like KDE, Gnome, etc. (or at least parts of them).

I believe Debian has a smart way to deal with compile-time options
(alternative packages or something like that?). They should anyway,
because it's a very, very, very, very, very, very, very common problem.

> This will end the complaints "I found my password stored as plaintext".

Yes.

> But security dictators still can't disable the feature.

No, they can't.

> Users are still
> able to store the plaintext passwords but now they (maybe) know that they
> do that. Have you ever seen a user not clicking "OK" if a browser asks him
> if it should store his login and password?

So what? I'm not out to stop people from doing stupid things.
At least they won't be able to blame us for doing stupid things
anymore.

> I think moving all the auth stuff into modules has the following
> advantages/disadvantages:

It's a separate topic, that is very viable, but should be discussed
in a different thread.

> There's also one thing I miss today: For some servers I don't want to store
> passwords, for the rest I don't want to type it all the time...
> I solved that by using different OS users which have store-auth-creds set
> to yes/no in their configs.
> (The reason I do that is that it forces me to think twice about committing
> to those servers ;)
> That is something I'd like to be able to configure per server.

Already done on the branch -- it's currently buggy, but works.
A diff that fixes it sits in my working copy and is almost ready
for commit.

> Thanks for your good work. It's definitely a step in the right direction :)

That's good to hear! :)

Thanks,

-- 
Stefan Sperling <stsp_at_elego.de>                    Software Monkey
 
German law requires the following banner :(
elego Software Solutions GmbH                            HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12        Tel:  +49 30 23 45 86 96 
13355 Berlin                              Fax:  +49 30 23 45 86 95
http://www.elego.de                               CEO: Olaf Wagner
 
Store password unencrypted (yes/no)? No

Received on 2008-04-22 18:50:24 CEST

This is an archived mail posted to the Subversion Dev mailing list.
