[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r30800 - in branches/dont-save-plaintext-passwords-by-default: . subversion/include subversion/libsvn_subr

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Mon, 28 Apr 2008 16:11:10 -0400

Stefan Sperling <stsp_at_elego.de> writes:
> I'm not really happy with this, but I found no better way to do it.
> This is a hack to deal with a rare corner case.
> Pools are reused per RA session, and all the RA callbacks are called
> per RA session. This means that when users pass the same URL twice,
> like this:
> svn ls svn://example.com svn://example.com
> svn_auth_save_credentials is called twice, because two RA sessions
> are opened. Since this function may end up prompting the user about
> storing plaintext passwords, we can either have the user answer the same
> prompt twice (quite silly), or expand the life time of the pool passed
> to svn_auth_save_credentials so we can reuse the answer given during the
> first RA session for the second one. Not passing a pool with extended
> lifetime and naively trying to use it across RA sessions anyway is what
> was causing the crash mentioned in the log message.
> [...]
> So I sneaked in this bit:
> [...]
> I hope this is acceptable?

As long as public doc strings also say it. Should the doc string for
svn_auth_save_credentials() also mention it, therefore?

I think your solution is actually fine, by the way. Part of what's
useful about pools is that they indicate operation scope/lifetime. IOW,
your solution is a feature, not a bug :-).


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-28 22:11:36 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.