On Jun 9, 2008, at 12:26 PM, Stefan Sperling wrote:
> The above comment means that if you use any client other than the
> svn command line client (such as svnX), by the time we release 1.6,
> you should ask the developers of your client to implement the callback
> that asks the user whether saving passwords in plaintext is OK.
Not sure I parse this, so just for clarity: svnX does use the command
line (building command-line invocations and parsing command-line
> Else their client will cause our library to save the password in
> except in --non-interactive mode. We don't ever store plaintext
> in non-interactive mode anymore in current trunk (and thus 1.6).
That's going to be a problem for the likes of svnX, since they do
everything --non-interactive, yet rely upon SVN to cache credentials
(and users would prefer this cache be secure).
> But isn't there a catch? To authenticate during --non-interactive
> having access to a cached password from Keychain, you need to pass
> --password on the command line. Which probably means that your
> is saved in your shell's history instead of the svn auth area, right?
> No idea which is the lesser evil :/
Not the shell's history, since these wrappers don't use an interactive
shell; they invoke the command-line tool via popen() (or language-
specific equivalent). There may be a copy of the user's login shell
involved there, but it's not interactive and doesn't save history.
There's some risk of leakage through "ps" and the like.
In any case, I'm in an odd spot, here: I don't maintain any of these
wrappers, and indeed they don't fit my personal work style, so I don't
even use them. My project, SCPlugin, uses the SVN APIs. I discovered
the problem indirectly: because of the odd fail-through sequence in
the command-line tool, these GUI wrappers _were_ storing creds in
cleartext in svn.simple/, even though the command-line binary they use
stores them in the keychain; when I cam along later, I couldn't find
the creds (because I was not looking in svn.simple/, only in the
keychain). I fixed that, so I will find svn.simple/ creds if
necessary, so I have no more problem, really. I am now trying to
represent these several GUI wrapper developer communities by proxy.
I've tried to contact them, without response, but since many of my
users are also users of theirs, I want these things to work right.
"Subversion for the rest of OS X"
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-09 22:45:39 CEST