I could not agree more. I am evaluating versions and cornerstone, and I cannot get a repository bookmark (why change the name, I hate that, its a repository!!) connected to my own SVN server. In tortoise, it would take my 5 seconds. BAck to Cornerstone for now.
On Tuesday, April 21, 2009 1:52:42 PM UTC-7, Quinn Taylor wrote: > > I know the merit of including the username in the repository URL when > setting up a repository bookmark has already been debated (and I'm > still against it, though not so much so that it's worth quarreling > about at this point) but I just ran into an offshoot of this that is > truly annoying. > > I discovered that for working copies checked out with Versions, when > the repository requires authentication, the username is hard-coded in > the URL for the working copy. That is to say, using `svn info` from > the command line shows URLs of the form > http://[email protected]/repository/path > . When I want to copy/paste the URL of a specific resource to send it > to someone, this adds a step of removing the username and "@" sign, > and it makes the URL longer unnecessarily. This *might* even be viewed > as a security liability, since if an attacker is able to see the > username in the URL, they know a valid login for which they can guess > passwords. (I'm aware that the last changed author is also shown by > svn info, but I use custom scripts that parse out the root and > resource URLs for me in a convenient form without showing anything > else.) > > I would strongly suggest that this behavior be changed, and that the > username be passed with the --username option (or whatever the > equivalent is for the SVN API). I have the same beef with Xcode — they > also put the username in the URL on checkout, and I'm filing a bug > against that as well. > > Thanks, > - Quinn > > -- You received this message because you are subscribed to the Google Groups "Versions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/versions. For more options, visit https://groups.google.com/groups/opt_out.
