
Handling of TortoiseSVN crash report compromises security

From: Remco Nijhuis <welkom_at_remconijhuis.nl>
Date: Tue, 4 Nov 2008 16:56:14 +0100

Hello,

I came across a crash report I submitted on TortoiseSVN using the automated
tool. I didn't know this report was submitted to the mailing list
org.tigris.tortoisesvn.crashreports. I found it on Google when it was
included on http://markmail.org/message/oooh2lhlt6tld46l. The report
includes a zipped .dmp dump file, containing bits and pieces of the source
code I was working on at the time.

You may imagine that these pieces of source code might include sensitive
information, e.g. config-files with usernames and passwords to database
servers used in the project. I regret this being publicly disclosed.

You might want to change procedures to prevent this. As a user, I'd like to
be warned about data disclosure when I am about to commit a crash report.
However satisfied I am about your work on TortoiseSVN in general, and
however much I am committed to help you improve the software using these
reports, I can't take the risk of spreading confidential information. So I
am sorry to say that I won't send crash reports until this is solved.

I'm not a member of this list, but please keep me informed about the
solution of this issue.

Kind regards,

Remco Nijhuis.

Received on 2008-11-04 17:09:35 CET
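
A check a user could run on a zipped crash report before deciding to send it, given the message's point that the .dmp file can hold fragments of config files with usernames and passwords. This is an added example, not part of the original message and not TortoiseSVN code; the credential patterns are assumed heuristics and the sample dump is constructed.

```python
import io
import re
import zipfile

# Printable runs of 6+ chars: 8-bit text and UTF-16LE (both occur in Windows memory).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Assumed heuristics for credential-like text; tune to your own config formats.
SENSITIVE = re.compile(
    r"(?:pass(?:word|wd)?|pwd|user(?:name)?|secret|api[_-]?key)\s*[=:]\s*\S+"
    r"|[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@",
    re.IGNORECASE,
)

def strings_in(blob):
    """Yield (byte_offset, text) for each printable run in a memory image."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")

def scan_dump(blob):
    """Return sorted (run_offset, matched_text) pairs that look like credentials."""
    return sorted({(off, m.group())
                   for off, text in strings_in(blob)
                   for m in SENSITIVE.finditer(text)})

def scan_report(zip_bytes):
    """Scan every .dmp member of a zipped crash report held in memory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {name: scan_dump(zf.read(name))
                for name in zf.namelist() if name.lower().endswith(".dmp")}

def build_sample_report():
    """Constructed sample: a fake dump holding config fragments, zipped."""
    dump = (b"MDMP" + b"\x00" * 32
            + b"db.password = s3cr3t-example\n" + b"\x01\x02\x03"
            + "jdbc-url=mysql://appuser:hunter2@db.example.test/app".encode("utf-16-le")
            + b"\xff" * 16 + b"int main(void) { return 0; }")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("crash.dmp", dump)
        zf.writestr("notes.txt", b"password=not-scanned")
    return buf.getvalue()

if __name__ == "__main__":
    for name, hits in scan_report(build_sample_report()).items():
        print(name, hits)
```

An empty result only means these patterns found nothing; source code fragments and other confidential text in the dump are not covered by the heuristics.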

This is an archived mail posted to the TortoiseSVN Users mailing list.
