[SVN-3061] username + password + non-interactive caches creds wrong - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Blocker
Resolution: Unresolved
Affects Version/s: 1.4.x
Fix Version/s: unscheduled
Component/s: cmdline client
Labels:
None
Environment:

Mac OS X

Description

Using a svn command-line client built to store passwords in the OS X keychain, the following 
command:

svn log --username jrepenning --password XXX --non-interactive -rHEAD 
https://cee.extranet.collab.net/svn/cee

... causes the password to be cached in svn.simple/*

This is a security issue, of potentially grave impact (since the keychain configuration allows insecure 
storage of ~/.subversion/)

I have not checked whether analogous mishandlings occur on Windows, with its somewhat different 
secure storage extension.

This may be related to the Leopard bug that afflicts --non-interactive (issue 3059)

Original issue reported by jackrepenning

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Subversion Importer

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 31/Dec/07 04:41

Updated:: 11/Jun/08 04:50