On 21 Jan 2022, Mark Phippard wrote:
In terms of what needs to be done, maybe I am wrong, but I did not think we had any mechanism in place where someone could choose not to compile in support for this feature. So that is new code that would
need to be added.

Well:

------------------------------------------------------------------------ r1845377 | brane | 2018-10-31 14:40:21 -0500 (Wed, 31 Oct 2018) | 6 lines Changed paths: M /subversion/trunk/configure.ac Disable plaintext password storage by default. It can still be enabled at configure time. * configure.ac: Invert the default of the plaintext-password-storage option and update its help text. ------------------------------------------------------------------------

:-)

1) I think there should be an easy way to know if the support exists or not. I am thinking "svn --version" maybe prints out if plaintext is
available? So an admin could run this command and would look to
confirm they do NOT see that in the output? Maybe this already exists?

As Nathan Hartman pointed out in his reply, we already do this (I wasn't aware of it either until Nathan's mail, by the way!).

2) If we have to add a new compile option, then I suggest we go all
the way and also close the backdoor that exists. IOW, if svn is
compiled without plaintext support then it also should not be able to
read an existing stored plaintext credential.

That was a deliberate compatibility move, and I'm not sure we should change it. Can you describe the harm that would come from keeping that behavior vs changing it as you describe above? I guess I don't see how it's a "backdoor".

Best regards,
-Karl

Reply via email to