
Re: Callbacks, prompts, etc. for issue 2779

From: Hyrum K. Wright <hyrum_wright_at_mail.utexas.edu>
Date: Thu, 29 Jul 2010 11:47:54 -0500

On Thu, Jul 29, 2010 at 11:24 AM, C. Michael Pilato
<cmpilato_at_red-bean.com> wrote:
> On 07/29/2010 12:15 PM, Mark Phippard wrote:
>> On Thu, Jul 29, 2010 at 12:09 PM, C. Michael Pilato
>> <cmpilato_at_red-bean.com> wrote:
>>> b) If the prompting approach is preferred, what's a reasonable way to do
>>> this?  The notification function cannot serve as a prompt.  We could add a
>>> redirection_callback_func to the likes of svn_client_update,
>>> svn_client_checkout, svn_client_switch, svn_client_relocate, etc., but that
>>> seems like such a really weird concept to expose at the API level.  We could
>>> introduce a custom prompting function in the client context baton.  *shrug*
>>
>> My knowledge of the API is from JavaHL.  In JavaHL, we have a callback
>> function where SVN can ask a Yes/No question.  So I assume this is a
>> callback that already exists in SVN.  Could you just use this existing
>> callback (with an appropriately worded Yes/No question)?  Not sure
>> that makes it easier or not.
>>
>> If you went with a setting, were you going to propose the redirect
>> feature is on by default?  I think it needs to be, else it is not
>> worth doing in the first place.
>
> I was originally thinking "off by default", but only because of the
> theoretical security implications of being automatically redirected to a URL
> (possibly a different machine, etc.) that differs from what you expected.
> Maybe I'm overthinking that, exaggerating the risk?  If so -- if there's no
> risk to automatically following redirection notices -- then is there any
> value in having either configuration OR prompts for this behavior?

Also, where does this redirection occur in the order of handling
authn? I would expect a redirect to expire credentials, and to
trigger the prompt for the user to store them.

-Hyrum
Received on 2010-07-29 18:48:33 CEST

This is an archived mail posted to the Subversion Dev mailing list.