On 21 Jan 2022, Mark Phippard wrote:
In terms of what needs to be done, maybe I am wrong, but I did
not
think we had any mechanism in place where someone could choose
not to
compile in support for this feature. So that is new code that
would
need to be added.
Well:
------------------------------------------------------------------------
r1845377 | brane | 2018-10-31 14:40:21 -0500 (Wed, 31 Oct 2018)
| 6 lines Changed paths:
M /subversion/trunk/configure.ac
Disable plaintext password storage by default. It can still be
enabled at configure time. * configure.ac: Invert the default
of the plaintext-password-storage
option and update its help text.
------------------------------------------------------------------------
:-)
1) I think there should be an easy way to know if the support
exists
or not. I am thinking "svn --version" maybe prints out if
plaintext is
available? So an admin could run this command and would look to
confirm they do NOT see that in the output? Maybe this already
exists?
As Nathan Hartman pointed out in his reply, we already do this (I
wasn't aware of it either until Nathan's mail, by the way!).
2) If we have to add a new compile option, then I suggest we go
all
the way and also close the backdoor that exists. IOW, if svn is
compiled without plaintext support then it also should not be
able to
read an existing stored plaintext credential.
That was a deliberate compatibility move, and I'm not sure we
should change it. Can you describe the harm that would come from
keeping that behavior vs changing it as you describe above? I
guess I don't see how it's a "backdoor".
Best regards,
-Karl
