On 07/04/14 04:47, Gabriela Gibson wrote:
This is a summary of Ben's reply:
Ben Reser wrote on Thu, Jul 03, 2014 at 12:54:58 -0700:
> 1) Remove the option.
> 2) Redact the password in the argv after starting up and finding the
> bits to redact.
3) Allow the password to be supplied over stdin using the special value "-".
Nobody will see the password. The only leak is that a password has been
supplied using stdin. An attacker will have to convince the calling
application to run something different than svn which logs the password
to a file.
This can of course be combined with 2).
- Martin
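
An added example, not part of the original message and not Subversion code: a minimal C sketch of how options 2) and 3) from the thread combine. The helper name `resolve_password`, the 255-byte limit and the use of `--password` in `main` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Overwrite through a volatile pointer so the store is not optimised away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical helper. "-" means: read one line from `in` (option 3).
   Any other value is copied and then overwritten in place in argv
   (option 2), which shortens, but does not close, the window in which a
   process listing shows it. Returns a malloc'd copy the caller must wipe
   and free, or NULL on EOF, an over-long line, or allocation failure. */
char *resolve_password(char *arg, FILE *in)
{
    char buf[256];
    char *src = arg, *pw;
    size_t len;

    if (strcmp(arg, "-") == 0) {
        if (fgets(buf, sizeof buf, in) == NULL)
            return NULL;                        /* EOF before any input */
        len = strcspn(buf, "\r\n");             /* drop the line terminator */
        if (buf[len] == '\0' && len == sizeof buf - 1) {
            wipe(buf, sizeof buf);              /* line did not fit: reject */
            return NULL;
        }
        src = buf;
    } else {
        len = strlen(arg);
    }
    pw = malloc(len + 1);
    if (pw != NULL) {
        memcpy(pw, src, len);
        pw[len] = '\0';
    }
    wipe(src, len);          /* clears the stack buffer or the argv copy */
    return pw;
}

int main(int argc, char **argv)
{
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "--password") != 0) continue;
        char *pw = resolve_password(argv[i + 1], stdin);
        if (pw == NULL) return 1;
        printf("password received (%zu bytes)\n", strlen(pw));
        wipe(pw, strlen(pw));
        free(pw);
    }
    return 0;
}
```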