[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: UI Proposal for Code Collaborator settings

From: Friedrich Brunzema <brunzefb_at_yahoo.com>
Date: Fri, 7 Jun 2013 16:58:29 -0700 (PDT)

Thinking about it some more, I agree with not putting the code collaborator settings with the TSVN settings. [It was still fun to do, as it made me remember MFC stuff that I had not seen for 10 years].

What really needs to be persisted is the two user names and passwords (with the passwords encrypted). Thanks to Stefan for upgrading the CStringsUtils - its really where that code belongs!

I don't like the idea putting the usernames into SVN properties and the passwords in an .ini file, as this separates the info. I would much rather like to keep these code collaborator settings all together.

So lets go, as Stefan suggested with a standard windows .ini file located in the %appdata%\TortoiseSvn that stores the 4 aforementioned parameters. This means that its a per-windows user setting. If the collabgui.exe file is found in the standard location (x86) and (x64), then the Add to Code Collaborator menu item is shown when right clicking the revisions in the LogDialog. No app found, no menu item. [If it is not in the standard location, they are out of luck] If the .ini file does not exist, the user is prompted with a Modal Dialog that lets him/her enter the data. The dialog is not shown if the .ini file exists, unless the user presses control when invoking the menu. That way the user has a way to update the usernames and encrypted passwords.

Unfortunately, the unencrypted passwords along with the usernames are passed on the command line to collabgui - which is a bad design. Using tools like Sysinternals Process explorer lets you see the commandline, exposing the passwords. But I agree that it is better to do due diligence when storing passwords - ie encrypt them. I will point this out to the Code Collaborator authors and ask them for a better way to do this.

If anyone has concerns with this approach or further suggestions, let me by posting to this thread.




To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2013-06-08 01:58:32 CEST

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.