subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johan Corveleyn <>
Subject Re: svn Farm
Date Tue, 19 Oct 2010 09:18:20 GMT
On Tue, Oct 19, 2010 at 9:46 AM, Stephen Connolly
<> wrote:
> Exposing the feature would not in an of itself force the client to use
> the keyring, but it would allow the server to have a start-commit hook
> that blocked a commit if the user had plaintext password storage
> enabled...

Just keep in mind that alerting users with start-commit hook only
works for users that actually commit of course. You won't reach users
that merely checkout/update/log/blame/...

It might be a better solution to implement this check in a lower
level, in the ra-protocols (naïvely, e.g. with http(s): client sends
with every request a header announcing the way it stores its
password). Of course, you'd like to do this without adding too much
overhead (handshaking, ... for every tiny request that the client
makes to the server). Maybe there is already some functionality
present for protocol/feature negotiation, I don't know ...

Just my 0.02€


View raw message