[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials held unencrypted in memory during runtime

From: Ron Wilson <ronw.mrmx_at_gmail.com>
Date: Wed, 13 Apr 2011 01:48:06 -0400

On Tue, Apr 12, 2011 at 7:54 PM, David Huang <khym_at_azeotrope.org> wrote:
> Well, then we're back to Stefan's question of how you think it could be improved.
> Earlier, you had suggested using a session key that perhaps could last through
> the work day, but I assume that means you'd need to reauthenticate when the
> session expired, so that's not going to work.

How long before the entries expire is a matter of the policy of your
work environment. If your environment's policy allows the cache to
never expire, then that's what works for your environment. The OP
clearly had concerns, which probably were driven by his environment's
policy.

In our environment, our repositories (and everything else on our
servers) are protected by time limited passwords, so what the SVN/TSVN
credentials cache does doesn't matter. When I do a commit (or other
operation), the password I enter is good for 15 minutes. After that, I
have to enter a new password. (The system is setup to prevent
expiration in the middle of a series of back-to-back operations. I
have no idea how this is done, other than it is completely external to
SVN.)

Before you say "If you have all that, why are you asking for (T)SVN to
do more?" (1) I am not. The OP was/is. (2) The more layers of
protection, the better.

As for the potential for malware to enter our PCs, we each have 2 PCs:
A development PC and a "$300 email checker" PC. They are on different
LANs in our office with no direct communication. There is a gateway
that allows pure text files to be sent between the 2 LANs. Of course
the development LAN does not have internet access.

Is all this a pain? Yes.
Is this anywhere near perfect? No. Not even remotely.
Is it worth it? Yes.

As usual, your mileage may vary.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719308

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-13 07:48:14 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.