
Feature request: Disable ssl prompting in "servers" for better security

From: Tom Martin <tommartin687_at_hotmail.com>
Date: 2004-12-21 02:11:38 CET



We've encountered the following security problem in our company.
Our repository (containing sensitive data) lives on a dynamic IP.
Now, one developer connected to a wrong (out-of-date) IP,
and by accident at this time there was a different host having this IP.
The svn client (TSVN) popped up the "fingerprint has changed" warning;
but it seems that many developers (as in this case) simply
click "ok" on such buttons, not taking such a warning seriously.
This seems to be a widespread behaviour, especially for Windows users
using GUI frontends.
As a consequence, he tried to connect to the wrong server.
In this case this was no problem because this server had no repository
on the same location; but "bad guys" might use this for fetching confidential
data sent by the svn client to the wrong host.
As often, at the end the human being is the most serious security hole.
But if there are possibilities to protect against lazy users, this is a good


A new boolean config entry "ssl-no-promt" for the "servers" config file.
If the ssl host cannot be authenticated using "ssl-authority-files",
the svn client fails without prompting.
In contrast to implementing such a feature in each individual svn client,
this feature would automatically affect all clients.




Received on Tue Dec 21 02:13:32 2004

This is an archived mail posted to the Subversion Dev mailing list.
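
The behaviour requested in the mail above, sketched as an added example that is not part of the original post and not Subversion code: it resolves which "servers" options apply to a host and turns an unverified certificate into a hard failure instead of a prompt. "ssl-no-promt" is the entry proposed in the mail (Subversion does not define it); `load_policy`, `on_certificate`, the host names and the file paths are constructed for illustration.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample "servers" file. "ssl-no-promt" is the entry proposed in
# the mail (spelled as in the mail); it is not an existing Subversion option.
SAMPLE_SERVERS = """
[groups]
corp = *.corp.example.com, svn.example.org

[corp]
ssl-authority-files = /etc/ssl/corp-root.pem;/etc/ssl/corp-issuing.pem
ssl-no-promt = yes

[global]
ssl-no-promt = no
"""

def load_policy(servers_text, host):
    """Resolve the options for `host`: matching group section first, then [global]."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(servers_text)
    section = "global"
    if cfg.has_section("groups"):
        for group, patterns in cfg.items("groups"):
            globs = [p.strip().lower() for p in patterns.split(",")]
            if any(fnmatchcase(host.lower(), g) for g in globs):
                section = group
                break

    def lookup(key, fallback):
        for sec in (section, "global"):
            if cfg.has_option(sec, key):
                return cfg.get(sec, key)
        return fallback

    # ssl-authority-files is a semicolon-delimited list of CA certificate files.
    ca_files = [f for f in lookup("ssl-authority-files", "").split(";") if f]
    no_prompt = lookup("ssl-no-promt", "no").strip().lower() in ("yes", "true", "on", "1")
    return {"section": section, "ca_files": ca_files, "no_prompt": no_prompt}

def on_certificate(verified_by_ca, policy):
    """Return what the client does after checking the server certificate."""
    if verified_by_ca:
        return "connect"
    # Unverified certificate: the proposal replaces the prompt with a failure,
    # so a user cannot click through a "fingerprint has changed" warning.
    return "fail" if policy["no_prompt"] else "prompt"
```
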
