On Fri, 16 Jul 2004 12:52:23 +0200,
Stefan Küng <stefan.kueng@wagner-group.ch> wrote:
SK> It's done by Subversion. TSVN has no way to interfere with that (sorry).
SK> ...
SK> I know. I'd rather have this encrypted too...
SK> ...
SK> > Should this request / suggestion be directed to SubVersion development team?
SK>
SK> You can try. But before you do, please read the archived (one of them,
SK> there are many...) mailing thread about this:
SK> http://www.contactor.se/~dast/svnusers/archive-2003-09/0484.shtml
I've read the thread you referred to. I see. :(
They seem to find it hard to recognize a plain error when they have one
under their eyes.
No matter what counter argument they can find, storing plain-text, with
or without filesystem security, is a design error. I will try to write a
clear paper about this and how it could be designed for better security
and then I'll post it to the adequate Subversion list. I'll try to write a
patched version to demo how it could be done.
Let me summarize my points here, so that others on TortoiseSVN can share
ideas and points of view before I report to SubVersion and try to make
things move in the right way.
My points are:
1) Storing the authentication details is useful. Especially when the
client has to connect to multiple hosts with possibly different
authentication mechanisms and different login/passwords.
2) Storing clear-text is stupid. I know I will have to write this in
other words not to be rude, but that is a stupid security mistake. No
file system security can solve this, except using an encrypted
file-system (which will require the user to type a single master
password from time to time). And that is exactly what I suggest SVN
should have.
3) Any decent security mechanism *will* require the user to type a
password (when some authentication is required) for the purpose of
decrypting the store which contains the real authentication details
(login / password and the like). That is, there is *no* secure way of
storing auth details without having to ask sometimes for a password
which can't be saved. But typing a single password sometimes (it can be
cached for limited time in memory) is *much* easier than having to type
full auth details each time (if not stored) or storing them in
clear-text.
4) I understand that for a command-line tool, caching a master-password
in memory for some time is not adequate, as the process terminates
between each successive command. But again, having to type a single
password, the same for all my subversion auth details (for all my
servers) each time I issue a command that requires one is certainly not
a problem.
Are there comments, other ideas?
--
Olivier Mascia
Received on Fri Jul 16 14:20:55 2004
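
The design sketched in points 3 and 4 of the message above (one master password unlocking an encrypted store of per-server credentials, with the key optionally cached in memory for a limited time), as an added example that is not part of the original message and is not Subversion or TortoiseSVN code. It uses Node.js's built-in crypto module; the function and class names, the blob layout and the scrypt parameters are assumptions chosen for illustration.

```javascript
// Added illustration: a credential store sealed under one master password.
// All names (sealStore, openStore, KeyCache) are hypothetical, not Subversion APIs.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from the master password; scrypt makes guessing costly.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt the whole credential map with AES-256-GCM (confidentiality + integrity).
function sealWithKey(key, salt, credentials) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(JSON.stringify(credentials), 'utf8'), cipher.final()]);
  const b64 = (b) => b.toString('base64');
  return { v: 1, salt: b64(salt), nonce: b64(nonce), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

function sealStore(masterPassword, credentials) {
  const salt = nodeCrypto.randomBytes(16);
  return sealWithKey(deriveKey(masterPassword, salt), salt, credentials);
}

// Returns the credential map, or throws on a wrong password or a modified file.
function openWithKey(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.nonce, 'base64'));
  d.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const pt = Buffer.concat([d.update(Buffer.from(blob.ct, 'base64')), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}

function openStore(masterPassword, blob) {
  return openWithKey(deriveKey(masterPassword, Buffer.from(blob.salt, 'base64')), blob);
}

// Holds the derived key in memory for a limited time so a GUI client does not
// prompt on every operation; `now` is injectable so expiry can be tested.
class KeyCache {
  constructor(ttlMs, now = Date.now) { this.ttlMs = ttlMs; this.now = now; this.key = null; this.expires = 0; }
  put(key) { this.key = key; this.expires = this.now() + this.ttlMs; }
  get() {
    if (this.key && this.now() >= this.expires) { this.key.fill(0); this.key = null; }
    return this.key; // null means: ask the user for the master password again
  }
}
```

A command-line client, which exits between commands as point 4 notes, would call `openStore` with a freshly typed master password each time and skip `KeyCache`.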