[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] svn_load_dirs.pl: do not print password to screen

From: Branko Čibej <brane_at_apache.org>
Date: Sun, 14 Jul 2019 09:52:17 +0200

On 14.07.2019 09:47, Geoffrey Alary wrote:
> Hi Daniel,
>
>>> CC: both of the most recent and biggest contributors to this file.
>> In principle, same answer as in the other thread (ENOTIME unless it's a
>> regression I signed off on); but…
> Ok noted. Thank you for your replies.
>
>>> It implements a security feature: to hide the password when printing
>>> the command line to screen.
>> I suggest to add a warning to usage() that passing the password in
>> a command-line argument may make it visible to other local OS users.
> Do you mean that showing a warning message would be preferable to
> actually fixing the problem? If yes, why would that be?

On Unix, the 'ps' command can show the entire command line to other
users, so this consideration is independent of what svn_load_dirs.pl is
doing.

-- Brane
Received on 2019-07-14 09:52:28 CEST

This is an archived mail posted to the Subversion Dev mailing list.