This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Summary: | Insecure storage of VCS passwords | ||
---|---|---|---|
Product: | versioncontrol | Reporter: | Jesse Glick <jglick> |
Component: | Code | Assignee: | Ondrej Vrabec <ovrabec> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 6.x | ||
Hardware: | All | ||
OS: | All | ||
Issue Type: | DEFECT | Exception Reporter: | |
Bug Depends on: | 173413 | ||
Bug Blocks: |
Description
Jesse Glick
2009-12-04 13:12:13 UTC
lib.cvsclient also seems to use Scrambler. fix in mercurial: http://hg.netbeans.org/cdev/rev/873b947667c1 Integrated into 'main-golden', will be available in build *201001060200* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/873b947667c1 User: Ondrej Vrabec <ovrabec@netbeans.org> Log: Issue #178167 - Insecure storage of VCS passwords Should be able to delete Scambler.scramble method. fix in subversion: http://hg.netbeans.org/cdev/rev/6f4aff59c8a9 Integrated into 'main-golden', will be available in build *201001120200* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/6f8ce8ecd1e1 User: Ondrej Vrabec <ovrabec@netbeans.org> Log: Issue #178167 - Insecure storage of VCS passwords unused scramble method fix in cvs: http://hg.netbeans.org/cdev/rev/0811e3fb5615 Integrated into 'main-golden', will be available in build *201001131418* on http://bits.netbeans.org/dev/nightly/ (upload may still be in progress) Changeset: http://hg.netbeans.org/main/rev/0811e3fb5615 User: Ondrej Vrabec <ovrabec@netbeans.org> Log: Issue #178167 - Insecure storage of VCS passwords do not persist passwords in a file, using Keyring API instead fixed in all versioning systems.
> you should use the standard ~/.subversion/ dir only
We can't, we need to add some directives to config file ourselves and write it directly to the system config file is a bad idea, IMHO. We need to pass e.g. proxy configuration, tunnel info, etc.
If you still think it should be handled in other way, open another issue in the subversion module.
|