New feature request
43 views
Skip to first unread message
Raniero Bonelli
Jan 29, 2018, 4:17:41 AM1/29/18
to TortoiseSVN-dev
Hello, my company need implementing a new feature in tortoise, and we would like, if possibile, have this new feature in official tortoise package, of course not for free :-)
In which way we can proceed ?
Is there an official channel where to ask ?
In which way we can proceed ?
Is there an official channel where to ask ?
regards
Stefan
Jan 29, 2018, 2:17:06 PM1/29/18
to TortoiseSVN-dev
You should ask here on this list.
Start by describing the new feature - then we can determine whether the feature would require changes in TSVN only or in the svn library.
If it's in the svn library, you'd have to ask on the svn list for the feature.
Start by describing the new feature - then we can determine whether the feature would require changes in TSVN only or in the svn library.
If it's in the svn library, you'd have to ask on the svn list for the feature.
netm...@gmail.com
Feb 5, 2018, 6:29:15 AM2/5/18
to TortoiseSVN-dev
Hello Stefan, tnks for your answer.
Shortly, our internal security team asked us to move our svn server, exposed on the internet at the moment, behind a firewall that require a two-factor authentication: user and password, as usual, plus a 10-digit numeric pin that changes every 60 seconds.
Our change request for tortoisesvn concerns the possibility of inserting the third field, besides user and password, which allows us to "trepass" the 2FA of the firewall, and, obviously, disable credential saving.
Obviously we must also implement somethig that permit to tortoise to "dialogue" with the firewall to make it accept the user / password / 2FA values. FYI our firewall is a Fortigate.
Stefan
Feb 5, 2018, 3:54:07 PM2/5/18
to TortoiseSVN-dev
First:
disabling the auth cache in TSVN would lead to a horrible user experience. You'd have to enter your credentials several times for even simple commands and dialogs.
For example, many commands that you might think only do one thing actually contact the repository several times. Even for a simple update TSVN first asks the repository for the HEAD revision. Which means you'd have to enter your credentials twice for an update.
And the repo browser would be completely unusable because for every folder in the repository a separate request is made to the repository.
Second:
Since the firewall and the repository are not on the same IP, handling this would itself be very unsafe. Meaning while you try to make it more secure you open up another security issue. Not really the best way to do this.
Third:
If you would consider configuring your firewall so that once a user is authenticated subsequent connections won't require re-authentication for I'd say at least an hour, then this could be done without a change to TSVN: you could implement a pre-connect hook script/exe. TSVN calls such a script before every connection to the repository: you could show a dialog in that script where the user has to enter the code for the FW, authenticate on the FW and return from the script. Then the normal connection and authentication on the repository is done the usual way.
Reply all
Reply to author
Forward
0 new messages