[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion sometimes needlessly asks for confirmation to store already stored plaintext passwords

From: Senthil Kumaran S <senthil_at_collab.net>
Date: Mon, 01 Sep 2008 17:35:39 +0530

Hash: SHA1

Hi Karl,

Karl Fogel wrote:
> + /* Nothing was present in the auth cache, so indicate that these
> + credentials should be saved if saving is allowed by the run-time
> + configuration. */
> I'm just saying that it would be a bit better if that kind of
> explanation were collected at the variable's declaration, so the reader
> could understand the full semantics from the start -- instead of having
> to collect the information bit by bit from reading through the code.
> It's not a big deal, though; I think it's pretty clear as-is.

The updated patch has more clarification in the doc string for 'need_to_save'
variable. Please let me know if the patch is good so that I can commit it to trunk.

Fix unnecessary plaintext password saving prompt when the username
is supplied on the command line and the password is already cached.

* subversion/libsvn_subr/simple_providers.c
  (simple_username_get): New function to get username for simple provider.
  (svn_auth__simple_first_creds_helper): Start out with need_to_save = FALSE.
   The old code did set creds->may_save to TRUE whenever a username
   was supplied on the command line, regardless of whether a password
   was already cached or not. Here we check for different combinations
   of username and password either supplied in the command line or
   already cached in the auth area, based on that we toggle creds->may_save
   through need_to_save.

Found by: arfrever
Review by: kfogel

Thank You.
- --
Senthil Kumaran S
Version: GnuPG v1.4.6 (GNU/Linux)


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

Received on 2008-09-01 14:05:57 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.