[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] svn_load_dirs.pl: do not print password to screen (v2)

From: <geoffrey.alary_at_gmail.com>
Date: Mon, 15 Jul 2019 00:23:28 +1200

Hi,

> > > > It implements a security feature: to hide the password when printing
> > > > the command line to screen.
> > >
> > > I suggest to add a warning to usage() that passing the password in
> > > a command-line argument may make it visible to other local OS users.
> >
> > Do you mean that showing a warning message would be preferable to
> > actually fixing the problem?
>
> No. I think the warning and the asterisking are independent changes;
> I suppose we should make both of them.

This is the second version of the patch, including the suggestion from
Daniel.

Log message:
[[[
Do not print password to screen in svn_load_dirs.pl.

* contrib/client-side/svn_load_dirs/svn_load_dirs.pl.in
  (sanitize_pwd): New function.
  (safe_read_from_pipe, read_from_process): Update the sites printing
   the command line to screen to use sanitize_pwd.
  (usage): Warn that other local OS users may be able to see the
   password passed on the command-line.

  Fix indentation; that is, replace the 2 tab occurrences by 8 spaces.
]]]

Received on 2019-07-14 14:23:31 CEST

This is an archived mail posted to the Subversion Dev mailing list.