[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: SVN Password stored in Plaintext!!!!

From: Robert Simmons <kraythe_at_arcor.de>
Date: 2004-09-23 22:52:10 CEST

Well, I don’t know about this agent stuff. However, if you want to preserve
logins so the user doesn’t have to login again, why not do something like a
certificate. *shrug* I just know that SVN is not the only program that has
this problem. Unix has been dealing with such a thing for ssh for 20 years
at least and have solved it somehow.

I would think this should be a major issue for corporations intending to use
subversion.

-- Robert

> -----Original Message-----
> From: Olaf Hering [mailto:olh@suse.de]
> Sent: Thursday, September 23, 2004 19:33
> To: Jani Averbach
> Cc: kraythe@arcor.de; dev@subversion.tigris.org
> Subject: Re: SVN Password stored in Plaintext!!!!
>
> On Thu, Sep 23, Jani Averbach wrote:
>
> > On 2004-09-23 19:07+0200, Olaf Hering wrote:
> > > On Thu, Sep 23, kraythe@arcor.de wrote:
> > >
> > > > One thing I noted while browsing through my subversion profile is
> that the passwords for my subversion access are stored in a file in
> plaintext! This is something that I dfind disturbing. How much trouble
> would it be to encrypt them and then have the server accept an encrypted
> version of the password? It would be really cool if companies could
> install their pgp key on their subversion server in order to do the
> encryption.
> > >
> > > I have a job opportunity for you:
> >
> > If you accept that offer, please take look of that thread:
> >
> > Subject: [PATCH] default to --no-auth-cache
> > Date: Tue, 14 Jan 2003 22:23:16 +0100
> > Message-ID: <3E247FC4.7020205@xbc.nu>
> > http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=29065
>
> so, someone already did the work? Good.
> Our guys did not find the svn-agent in the 1.0.x documentation.
> I dont see it in the 1.1.x filelist.
>
> I hope you understand how ssh-agent works.
>
> --
> USB is for mice, FireWire is for men!
>
> sUse lINUX ag, nÜRNBERG

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Sep 23 23:07:15 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.