[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Using http:// URL that contains a username

From: Jim Hanley <jhanley_at_DGtlRift.com>
Date: Wed, 08 Apr 2009 07:01:49 -0600

Quoting Andrey Repin <anrdaemon_at_freemail.ru>:

> Greetings, Ryan Schmidt!
>>> Better stick to one way of accessing SVN on single host, unless
>>> there's
>>> something special about it.
>> Why? Using multiple access methods for a single repository is
>> allowed, and even described in the book. Yes, it's more work to set
>> up correctly and there are some issues to be aware of, but it
>> shouldn't be prohibited outright.
>> http://svnbook.red-bean.com/en/1.5/svn.serverconfig.multimethod.html
> I shall point to "from same [client] host" in my sentence once again.
> I can't imagine efficient scheme in which I could use both svn://
> and https://
> from my working PC at the same time for the same working copy.

The example the originating author used is /not/ a working copy, but a
URL. The argument against supporting such common standard
functionality is invalid considering that /every/ browser allows the
use of http(s)://user:pass_at_server/ for authenticated realms.

> For different copies and purposes, may be. But still, I would stick to one
> way or another, reusing SVN auth cache as much as possible without
> unnecessary
> bloating.

It's not bloating, its implementing section 3.2.1 of RFC 3986

> However, it is likely to be demanded and used feature if Subversion could
> take username from URL.
> At the very least, it'll make --username redundant as well as allow users to
> completely disable credentials storing and still be able to only type the
> password, because username already supplied (and stored if it is WC) as part
> of repository path.
> But there's a necessary precaution: user could take a step further and supply
> password in URL. This password should never be stored in WC. Taken in count,
> may be, stored in auth cache, may be, but not in WC, in clear text.
> P.S.
> Using my shared hosting shell... SVN 1.4.3 on FreeBSD >.< storing
> passwords in
> clear text in auth cache. Not enjoyable... would it change if they
> upgrade SVN
> to 1.5 or 1.6 ?
> --
> WBR,
> Andrey Repin (anrdaemon_at_freemail.ru) 08.04.2009, <15:10>
> Sorry for my terrible english...
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1595196
> To unsubscribe from this discussion, e-mail:
> [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-04-08 15:02:45 CEST

This is an archived mail posted to the Subversion Users mailing list.