
dont-save-plaintext-passwords-by-default branch done (2nd try)

From: Stefan Sperling <stsp_at_elego.de>
Date: Sun, 27 Apr 2008 17:46:39 +0200

I think the branch is ready for review, again. I've fixed and changed
quite a few things since the last time around, when I claimed it was done:

 - Now prompts users once per authentication realm, and not
   once per RA session.

 - Authentication parameter configuration has been moved to the
   RA layer completely. For users, this means that parameters
   which used to be configured in the [auth] section in the 'config'
   file are now configured in the 'servers' file, and can be specified
   in both the [global] section and per server group. The [auth]
   section in 'config' is still being evaluated, but is overridden
   by anything specified in 'servers'.

 - The prompt now shows the authentication realm for the password
   being cached:

  $ svn --config-dir /tmp/svncfg ls svn://localhost \
                        http://ankhsvn.open.collab.net/svn/ankhsvn/trunk
  Authentication realm: <svn://localhost:3690> 2f914fcb-3f14-dd11-9d49-000b6ad51eb1
  Password for 'harry':
  -----------------------------------------------------------------------
  ATTENTION! Your password for authentication realm
  '<svn://localhost:3690> 2f914fcb-3f14-dd11-9d49-000b6ad51eb1'
  can only be stored to disk unencrypted! It is recommended to configure
  your system so that Subversion can store passwords encrypted, if possible.
  See the documentation for details. You can get rid of this warning by
  editing '/tmp/svncfg/servers'
  and setting 'store-plaintext-passwords' to either 'yes' or 'no'.
  -----------------------------------------------------------------------
  Store password unencrypted (yes/no)? no
  Authentication realm: <http://ankhsvn.open.collab.net:80> CollabNet Subversion Repository
  Password for 'guest':
  -----------------------------------------------------------------------
  ATTENTION! Your password for authentication realm
  '<http://ankhsvn.open.collab.net:80> CollabNet Subversion Repository'
  can only be stored to disk unencrypted! It is recommended to configure
  your system so that Subversion can store passwords encrypted, if possible.
  See the documentation for details. You can get rid of this warning by
  editing '/tmp/svncfg/servers'
  and setting 'store-plaintext-passwords' to either 'yes' or 'no'.
  -----------------------------------------------------------------------
  Store password unencrypted (yes/no)? yes
  README.txt
  contrib/
  doc/
  src/
  testing/
  tools/
  www/
  $
  

I hope this time there aren't any huge flaws left, and that everyone
will be at least slightly happy with this solution to what is probably
one of the most controversial problems in Subversion's history (apart
from obliterate and possibly others. No, I'm not running for an award :)

To get the diff, run:

 svn diff https://svn.collab.net/repos/svn/trunk@30801 \
          https://svn.collab.net/repos/svn/branches/dont-save-plaintext-passwords-by-default

Thanks,

-- 
Stefan Sperling <stsp_at_elego.de>                    Software Monkey
 
German law requires the following banner :(
elego Software Solutions GmbH                            HRB 77719
Gustav-Meyer-Allee 25, Gebaeude 12        Tel:  +49 30 23 45 86 96 
13355 Berlin                              Fax:  +49 30 23 45 86 95
http://www.elego.de                               CEO: Olaf Wagner
 
Store password unencrypted (yes/no)? No

Received on 2008-04-27 17:46:42 CEST

This is an archived mail posted to the Subversion Dev mailing list.
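
The lookup order described in the mail above (per-server-group setting, then [global] in 'servers', then the legacy [auth] section in 'config'), as an added example that is not part of the original mail or of Subversion's code. The sample files, host names, first-match group selection and the "ask" label for the unset (prompting) case are assumptions.

```python
import configparser
import fnmatch

OPTION = "store-plaintext-passwords"

# Constructed sample files (not from the original mail).
SERVERS = """
[groups]
internal = *.corp.example, svn.corp.example
public = *.example.org

[internal]
store-plaintext-passwords = no

[global]
store-plaintext-passwords = yes
"""
CONFIG = """
[auth]
store-plaintext-passwords = no
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep group names case-sensitive
    cp.read_string(text)
    return cp

def effective_setting(host, servers_text, config_text=""):
    """Return (value, source) of OPTION as it would apply to host."""
    servers, config = _parse(servers_text), _parse(config_text)
    # 1. Server group whose glob matches the host (assumed: first match wins).
    if servers.has_section("groups"):
        for group, patterns in servers.items("groups"):
            globs = [p.strip().lower() for p in patterns.split(",")]
            if any(fnmatch.fnmatchcase(host.lower(), g) for g in globs):
                if servers.has_option(group, OPTION):
                    return servers.get(group, OPTION).lower(), f"servers:[{group}]"
                break  # matched group is silent, fall through to [global]
    # 2. [global] in 'servers'.
    if servers.has_option("global", OPTION):
        return servers.get("global", OPTION).lower(), "servers:[global]"
    # 3. Legacy [auth] in 'config', consulted only when 'servers' is silent.
    if config.has_option("auth", OPTION):
        return config.get("auth", OPTION).lower(), "config:[auth]"
    # 4. Nothing set: the client prompts per realm, as in the transcript.
    return "ask", "unset"
```

Running it over every host a team uses shows where a permissive [global] value silently wins over a stricter legacy [auth] entry.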
