Avoid using the --password switch with subversion for security purposes (closes #9304)

git-svn-id: http://svn.rubyonrails.org/rails/tools/capistrano@7379 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2023-03-27 23:21:18 -04:00 · 2007-08-30 15:02:53 +00:00 · 2007-08-30 15:02:53 +00:00 · 095b4253c5
commit 095b4253c5
parent d257a6c1bf
2 changed files with 9 additions and 7 deletions
--- a/2
+++ b/2
@ -1,5 +1,7 @@
 *SVN*

+* Avoid using the --password switch with subversion for security purposes [sentinel]
+
 * Add version_dir, current_dir, and shared_dir variables for naming the directories used in deployment [drinkingbird]

 * Use Windows-safe binary reads for reading file contents [fukas78]
--- a/lib/capistrano/recipes/deploy/scm/subversion.rb
+++ b/lib/capistrano/recipes/deploy/scm/subversion.rb
@ -81,14 +81,14 @@ module Capistrano

        private

-          # If a username or password is configured for the SCM, return the
-          # command-line switches for those values.
+          # If a username is configured for the SCM, return the =command-line
+          # switches for that. Note that we don't need to return the password
+          # switch, since Capistrano will check for that prompt in the output
+          # and will respond appropriately.
          def authentication
-            auth = ""
-            auth << "--username #{variable(:scm_username)} " if variable(:scm_username)
-            auth << "--password #{variable(:scm_password)} " if variable(:scm_password)
-            auth << "--no-auth-cache" if !auth.empty?
-            auth
+            username = variable(:scm_username)
+            return "" unless username
+            "--username #{variable(:scm_username)} --no-auth-cache "
          end

          # If verbose output is requested, return nil, otherwise return the