
Re: Authentication - storing of passwords in ~/.subversion/auth/svn.simple

From: David Waite <mass_at_akuma.org>
Date: 2003-09-19 10:56:33 CEST

Roland Schwingel wrote:

>
>Hi....
>
>As of the fact being back from honeymoon, I started out again to migrate my
>CVS to SVN. I updated to 0.29 and added authentication to httpd for svn.
>This works very well...
>
>BUT: I encountered that subversion client stores my passwords in
>*CLEARTEXT* in ~/.subversion/auth/svn.simple/<some_file>. This is IMHO not
>so nice. Storing of passwords is ok, so that it can remember it for
>subsequent use, but it should encrypt the stored password in someway that
>only subversion can use it again...
>
Which mechanism of 'encryption' would you suggest? rot13? base64 encoding?

The password can be 'disguised', but anything the subversion program can
do to undisguise the password, someone with access to the .subversion
directory and subversion binary can do as well. The cleartext password
is required for plain authentication.

The only feasible 'secure' mechanism would be to require HTTP digest
authentication, and to store the A1 digest instead of plaintext
password. Even then, someone with access to your .subversion directory
could use that digest to log onto servers listed in your password cache.

My suggestion is to rely on filesystem-level security to protect the
password files. If you want to defend against really stupid attackers
who don't know how to do google searches, promote base64 - this is what
the vast majority of 'encrypted' passwords for network-enabled apps are,
because they still have to 'decrypt' to plaintext. If you cannot rely on
filesystem-level security, don't store passwords to disk.

(Sorry if this came off as a rant, this same thread has come up three
times now this week on different mailing lists I subscribe to. Believe
it or not, I edited this post down... twice.)

-David Waite
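The two points in the reply above, worked through in Python as an added example (not code from the thread or from Subversion): a cache that stores only the Digest HA1 still answers a server challenge, so it is password-equivalent for that realm; base64 'disguise' reverses in one call; and the control that actually helps is the file mode on the cache. All user names, realms, nonces and file contents are constructed sample values.

```python
import base64
import hashlib
import os
import stat
import tempfile


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_a1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password), the value a Digest cache could
    keep instead of the password (RFC 2617 terminology)."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """Client response for Digest auth without qop:
    MD5(HA1:nonce:MD5(method:uri)). Only HA1 is needed, never the password."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_accepts(username, realm, password, method, uri, nonce, response):
    """What the server side does: recompute from its own copy of the
    password and compare. A response built from a cached HA1 passes."""
    expected = digest_response(digest_a1(username, realm, password), method, uri, nonce)
    return response == expected


def undisguise_base64(stored: str) -> str:
    """'Encryption' by base64 is undone by anyone who can read the file."""
    return base64.b64decode(stored).decode("utf-8")


def is_private_to_owner(path: str) -> bool:
    """The filesystem-level control: no group/other bits (0600 or stricter)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


def cache_file_is_private(mode: int) -> bool:
    """Create a constructed stand-in for an auth cache file with the given
    mode and report whether is_private_to_owner() would accept it."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, b"password=constructed-sample\n")
        os.close(fd)
        os.chmod(path, mode)
        return is_private_to_owner(path)
    finally:
        os.unlink(path)
```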

Received on Fri Sep 19 10:57:38 2003

This is an archived mail posted to the Subversion Users mailing list.
