Details
-
Bug
-
Status: Open
-
Blocker
-
Resolution: Unresolved
-
1.4.x
-
None
-
Mac OS X
Description
Using a svn command-line client built to store passwords in the OS X keychain, the following command: svn log --username jrepenning --password XXX --non-interactive -rHEAD https://cee.extranet.collab.net/svn/cee ... causes the password to be cached in svn.simple/* This is a security issue, of potentially grave impact (since the keychain configuration allows insecure storage of ~/.subversion/) I have not checked whether analogous mishandlings occur on Windows, with its somewhat different secure storage extension. This may be related to the Leopard bug that afflicts --non-interactive (issue 3059)
Original issue reported by jackrepenning