[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: show differences

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: 2006-09-21 20:59:52 CEST

ESSI - Billie H. Cleek wrote:
> Stefan,
>
> There are more reasons for security other than just having something
> saved on disk. I don't want someone walking up to my machine and doing
> operations that only I can do. If I save authentication information,
> then suddenly they walk up to my machine if I happen to be away and
> forgot to lock it and execute operations on the repository that they
> would not normally be able to do.
>
> I don't know the internals of TSVN, but surely this is possible, because:
> 1. Previous versions of TSVN did not exhibit this behavior

But previous versions also failed many times when trying to do the diff.
I've decided it's better to let TSVN get some information beforehand and
use that information for the diff than having it fail too often.

> 2. If there is a method that is controlling the operations that are
> performed based on a single ui event, and one of the actions that TSVN
> does is to get the authentication information, then that ui handler can
> pass the credentials to the other methods that need it. This is
> definitely in the realm of possibilities.

But that would mean keeping the authentication data in RAM, and *that*
would be a security risk (that data could be written to the disk in the
swap file), or could be read by malware.

And seriously: don't you trust your fellow coworkers in your office that
little bit? If you don't, then you also must always lock your computer
when you walk away.
And besides: if you forget to lock your station and they have access to
it, then they can do more harm using only your windows credentials than
they can do with your access to a Subversion repository.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: users-help@tortoisesvn.tigris.org
Received on Thu Sep 21 21:00:00 2006

This is an archived mail posted to the TortoiseSVN Users mailing list.