views:

37

answers:

2

Hello,

I'm using System.Diagnostics.Process to execute an svn command from a windows console application. This is the configuration of the process:

svn.StartInfo.FileName = svnPath;
svn.StartInfo.Arguments = string.Format("copy {0}/trunk/ {0}/tags/{1} -r head -q --username {3} --password {4} -m \"{2}\"", basePathToRepo, tagName, message, svnUserName, svnPassword);
svn.StartInfo.UseShellExecute = false;
svn.Start();
svn.WaitForExit();

My problem is that those arguments, which include the svn credentials, are sent (I suppose) in an unsecure way.

Is there a way to send these arguments in a secure way using the Process class?

Thanks!

+1  A: 

send where? they are passed from your code to WinApi. it is in-memory operation, it is secure enough.

Andrey
+1 for secure enough, it's far more likely the SVN credentials would be taken from inside your application directly as opposed to trying to intercept that shell execution.
Chris Marisic
write your own svn.exe that captures data.... and here all security ends. but it is not about Process class
Andrey
+1  A: 

This is using the standard command line mechanism, which is going to be the same as any other method. There is no "secure" way to send a command line argument to a program, as it's just a standard process.

That being said, this is going to only be accessible locally, since you're running this in the local user's account already. This is just as secure as having the user type this into a Command Prompt window...

Reed Copsey
You're right... thanks a lot to get me out of the confussion.
Sebastian