http://slashdot.org/comments.pl?sid=490740&cid=22792056 :

Nearly there.

Always treat code as hostile.

Defense in depth, capabilities, least privilege, fail closed, scrub inputs, escape everything ... I think there have been a few books written on this.

In PHP's case this fellow's slender volume is quite helpful: http://phpsecurity.org/ [phpsecurity.org] . And http://noscript.net/ [noscript.net] .

g'luck!

http://slashdot.org/comments.pl?sid=490740&cid=22792204 :

I agree with your argument but none of your examples. :/

SVN's behaviour with respect to passwords is quite well documented and oft-discussed. If you have the magic bullet answer by all means please provide it in a patch.

(Hint: some OS have secure password storage systems, but none of the m use the same one. Second hint: passwords, particularly any that get sent over the wire in any form, are crap. Oh, just look here: http://subversion.tigris.org/faq.html#ssh-auth-cache [tigris.org] )

Current Music: Tina Arena - Chains (S&M Mix)