[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion sometimes needlessly asks for confirmation to store already stored plaintext passwords

From: Stefan Sperling <stsp_at_elego.de>
Date: Fri, 18 Jul 2008 15:20:32 +0200

On Fri, Jul 18, 2008 at 03:23:17PM +0530, Senthil Kumaran S wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Arfrever,
>
> Arfrever Frehtes Taifersar Arahesis wrote:
> > Subversion asks for confirmation to store plaintext passwords which have been
> > already stored when the '--username ${USERNAME}' option is used.
> >
> > (Stylesen said on #svn-dev that he will be working on a patch.)
>
> As promised here is a patch attached which solves this problem.
>
> [[[
> Fix unnecessary plaintext password saving prompt when username is supplied
> and password is already cached.
>
> * subversion/libsvn_subr/simple_providers.c
> (svn_auth__simple_first_creds_helper): Start with may_save FALSE, which
> helps in getting the cached results and avoids a plaintext password
> saving prompt when it is not necessary.
>
> Patch by: stylesen
> Found by: arfrever
> ]]]

Senthil,

I've reviewed this change, +1.

Here's a rewritten log message that explains better what problem
we are fixing:

[[[
Fix unnecessary plaintext password saving prompt when the username
is supplied on the command line and the password is already cached.

* subversion/libsvn_subr/simple_providers.c
  (svn_auth__simple_first_creds_helper): Start out with may_save = FALSE.
   The old code did set creds->may_save to TRUE whenever a username
   was supplied on the command line, regardless of whether a password
   was already cached or not. This unconditionally triggered the whole
   auth caching logic (including the 'may I save your password in
   plaintext?' prompt) to be run again, even if a password was already
   cached.

Patch by: stylesen
Found by: arfrever
Approved by: stsp
]]]

Please commit if you agree with my log message.

Stefan

  • application/pgp-signature attachment: stored
Received on 2008-07-18 15:20:22 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.