
Re: The --password and clumsy users issue

From: Martin Furter <mf_at_apache.org>
Date: Fri, 04 Jul 2014 09:40:22 +0530

On 07/04/14 04:47, Gabriela Gibson wrote:

> This is a summary of Ben's reply:
> Ben Reser wrote on Thu, Jul 03, 2014 at 12:54:58 -0700:
> > 1) Remove the option.
> > 2) Redact the password in the argv after starting up and finding the
> > bits to redact.

3) Allow the password to be supplied over stdin using the special value "-".

Nobody will see the password. The only leak is that a password has been
supplied using stdin. An attacker will have to convince the calling
application to run something different than svn which logs the password
to a file.

This can of course be combined with 2).

- Martin
Received on 2014-07-04 06:11:04 CEST
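
Options 2 and 3 from this thread in C, as an added example that is not Subversion's code or any poster's. The names `resolve_password` and `redact_password_args` are hypothetical, and only the two-argument `--password VALUE` form is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Subversion code. Option 3: "-" means read one line
 * from `in` (stdin in real use); any other value is used as given.
 * Returns 0, or -1 on EOF, read error or input that does not fit in `out`. */
int resolve_password(const char *value, FILE *in, char *out, size_t outlen)
{
    if (outlen == 0)
        return -1;
    if (strcmp(value, "-") != 0)
        return snprintf(out, outlen, "%s", value) < (int)outlen ? 0 : -1;
    if (fgets(out, (int)outlen, in) == NULL)
        return -1;
    size_t n = strcspn(out, "\r\n");
    if (out[n] != '\0' || fgetc(in) == EOF) { /* a whole line was read */
        out[n] = '\0';
        return 0;
    }
    memset(out, 0, outlen);                   /* line longer than the buffer */
    return -1;
}

/* Hypothetical helper. Option 2: overwrite "--password VALUE" values in argv
 * in place. The value stays exposed until this runs. Returns count redacted. */
int redact_password_args(int argc, char **argv)
{
    int i, redacted = 0;
    for (i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "--password") != 0 || strcmp(argv[i + 1], "-") == 0)
            continue;                         /* "-" carries no secret */
        memset(argv[i + 1], 'x', strlen(argv[i + 1]));
        redacted++;
    }
    return redacted;
}

int main(int argc, char **argv)
{
    char pw[256];
    int i, rc = -1;                           /* -1: no usable --password */
    for (i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "--password") == 0)
            rc = resolve_password(argv[i + 1], stdin, pw, sizeof pw);
    redact_password_args(argc, argv);         /* copy first, then redact */
    if (rc == 0)
        printf("got a %lu-byte password\n", (unsigned long)strlen(pw));
    return rc == 0 ? 0 : 1;
}
```

With `--password -` the argument list carries only the marker, which matches the point in the message that the only thing revealed is that stdin was used.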

This is an archived mail posted to the Subversion Dev mailing list.
