[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: SVN Password stored in Plaintext!!!!

From: Robert Simmons <kraythe_at_arcor.de>
Date: 2004-09-24 05:31:39 CEST

Across a proxy, through a firewall and into a paranoid company?

Nay.

One of the charms of SVN is the apache and HTTPS access.

-- Robert

> -----Original Message-----
> From: Michael Brouwer [mailto:michael@tlaloc.net]
> Sent: Friday, September 24, 2004 05:21
> To: Robert Simmons
> Cc: dev@subversion.tigris.org
> Subject: Re: SVN Password stored in Plaintext!!!!
>
> Or you could access the repository using svn+ssh:// and use ssh-agent
> and ssh-add....
>
> Michael
>
> On Sep 23, 2004, at 1:52 PM, Robert Simmons wrote:
>
> > Well, I don’t know about this agent stuff. However, if you want to
> > preserve
> > logins so the user doesn’t have to login again, why not do something
> > like a
> > certificate. *shrug* I just know that SVN is not the only program that
> > has
> > this problem. Unix has been dealing with such a thing for ssh for 20
> > years
> > at least and have solved it somehow.
> >
> > I would think this should be a major issue for corporations intending
> > to use
> > subversion.
> >
> > -- Robert
> >
> >> -----Original Message-----
> >> From: Olaf Hering [mailto:olh@suse.de]
> >> Sent: Thursday, September 23, 2004 19:33
> >> To: Jani Averbach
> >> Cc: kraythe@arcor.de; dev@subversion.tigris.org
> >> Subject: Re: SVN Password stored in Plaintext!!!!
> >>
> >> On Thu, Sep 23, Jani Averbach wrote:
> >>
> >>> On 2004-09-23 19:07+0200, Olaf Hering wrote:
> >>>> On Thu, Sep 23, kraythe@arcor.de wrote:
> >>>>
> >>>>> One thing I noted while browsing through my subversion profile is
> >> that the passwords for my subversion access are stored in a file in
> >> plaintext! This is something that I dfind disturbing. How much trouble
> >> would it be to encrypt them and then have the server accept an
> >> encrypted
> >> version of the password? It would be really cool if companies could
> >> install their pgp key on their subversion server in order to do the
> >> encryption.
> >>>>
> >>>> I have a job opportunity for you:
> >>>
> >>> If you accept that offer, please take look of that thread:
> >>>
> >>> Subject: [PATCH] default to --no-auth-cache
> >>> Date: Tue, 14 Jan 2003 22:23:16 +0100
> >>> Message-ID: <3E247FC4.7020205@xbc.nu>
> >>> http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=29065
> >>
> >> so, someone already did the work? Good.
> >> Our guys did not find the svn-agent in the 1.0.x documentation.
> >> I dont see it in the 1.1.x filelist.
> >>
> >> I hope you understand how ssh-agent works.
> >>
> >> --
> >> USB is for mice, FireWire is for men!
> >>
> >> sUse lINUX ag, nÜRNBERG
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: dev-help@subversion.tigris.org
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Sep 24 08:25:38 2004

This is an archived mail posted to the Subversion Dev mailing list.