On 11/10/2016 05:15 PM, maxwell wrote:
We've had problems in the past in logging into our SVN server using the
WebDAV plugin, when someone mistypes their password. From what we can
tell, it appears that XXE keeps re-trying the same bad password ten
tries, and our server locks them out (it's set to lock out an account
that uses invalid passwords after five or so consecutive tries). The
specific error msg that comes from mistyping a password is:
Cannot connect to
<our svn server>
Bug in authorization handling; server refused
the given info 10 times
(I think this error msg originates from Java, see
http://codenav.org/code.html?project=/net/sf/grinder/grinder-httpclient/3.8&path=/Source%20Packages/HTTPClient/AuthorizationModule.java.
IMO that's a good example of bad coding, namely hard-coding an
arbitrary value in. Of course that's a problem internal to Java, not
s.t. that you guys at XMLmind created.)
We thought perhaps the DXXE_CONFIRM_CREDENTIALS_DELAY setting described
here
http://www.xmlmind.com/xmleditor/_distrib/doc/help/system_properties.html
would help. It's not entirely clear to me where this property gets set,
but the "Description" column on that page shows this:
-DXXE_CONFIRM_CREDENTIALS_DELAY=1000
So I tried starting up XXE using that as a command line parameter. But
XXE gives a usage error msg saying that this is an "unknown option".
Indeed the only preferences options the error msg lists are -putprefs,
-putpref, and -delpref, while the only authentication option is -auth.
I'm guessing that DXXE_CONFIRM_CREDENTIALS_DELAY is also not an
environment variable, as these are listed on a separate page of the
documentation.
How does one set this DXXE_CONFIRM_CREDENTIALS_DELAY variable?
You guessed it right. XXE_CONFIRM_CREDENTIALS_DELAY is a system
property, not an environment variable. It's so low level that it does
not deserve being promoted to an easy-to-set an environment variable.
You must use a text editor and edit one of the following files depending
on the way you use to start XXE:
--> On Linux/Mac/Unix: XXE is started using shell script
XXE_install_dir/bin/xxe.
Edit xxe and add:
-DXXE_CONFIRM_CREDENTIALS_DELAY=1000
just before -DXXE_GUI="$XXE_GUI" (on the same line).
--> On Windows: XXE is generally started using
XXE_install_dir/bin/xxe.exe which is configured using text file
XXE_install_dir/bin/xxe.jstart.
Edit xxe.jstart and add a line containing:
-DXXE_CONFIRM_CREDENTIALS_DELAY=1000
before the line containing:
-DXXE_GUI="%XXE_GUI%"
--> On Windows: It's also possible to start XXE using BAT file
XXE_install_dir/bin/xxe-c.bat
Edit xxe-c.bat and add:
-DXXE_CONFIRM_CREDENTIALS_DELAY=1000
just before -DXXE_GUI="%XXE_GUI%" (on the same line).
And is it likely to fix the problem we're having with mistyped passwords?
I've retested this system property and it works. I mean, it really has
the effect described here:
XXE_CONFIRM_CREDENTIALS_DELAY,
http://www.xmlmind.com/xmleditor/_distrib/doc/help/system_properties.html
In a nutshell,
* When XXE_CONFIRM_CREDENTIALS_DELAY is set to say 1000ms, a user who
types an incorrect password is prompted to retype her/his password.
* When XXE_CONFIRM_CREDENTIALS_DELAY is not set, a user who types an
incorrect password just gets error:
---
Cannot connect to ... server refused the given info 10 times
---
So I encourage you to give it a try, because setting it may solve your
problem.
Essentially, what we want it to do is, if the server refuses the
credentials, give up after the first try.
If setting XXE_CONFIRM_CREDENTIALS_DELAY does not work, I would suggest
that you contact your IT staff and ask them to configure your SVN server
to lock out an account that uses invalid passwords after 20 consecutive
tries. 5 tries is definitely not enough (an SVN server is not an ATM).
--
XMLmind XML Editor Support List
xmleditor-support@xmlmind.com
http://www.xmlmind.com/mailman/listinfo/xmleditor-support
