[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Feature request: Disable ssl prompting in "servers" for better security

From: Ben Reser <ben_at_reser.org>
Date: 2005-03-01 05:30:18 CET

On Tue, Dec 21, 2004 at 01:11:38AM +0000, Tom Martin wrote:
> Hello!
> Background:
> We've encountered the following security problem in our company.
> Our repository (containing sensitive data) lives on an dynamic IP.
> Now, one developer connected to a wrong (out-of-date) IP,
> and for accident at this time there was a different host having this IP.
> The svn client (TSVN) popped up the "fingerprint has changed" warning;
> but it seems that many developers (as in this case) simply
> click "ok" onto such buttons not taking such a warning seriously.
> This seems to be a wide-spread behaviour especially for windows-users
> using GUI frontends.
> As consequence, he tried to connect to the wrong server.
> In this case this was no problem because this server had no repository
> on the same location; but "bad guys" might use this for fetching confidental
> data sent by the svn client to the wrong host.
> As often, at the end the human being is the most serious security hole.
> But if there possibilities to protect against lazy users, this is a good
> idea.
> Proposal:
> A new boolean config entry "ssl-no-promt" for the "servers" config file.
> If the ssl host cannot be authenticated using "ssl-authority-files",
> the svn client fails without promting.
> In contrast to implementing such a feature to each individual svn client,
> this feature automatically would affect all clients.

Sounds like a good idea to me. I realize a lot of people didn't support
this. But this is similar to the StrictHostKeyChecking yes which I use
in ssh myself. Please file an enhancement issue for this.

Ben Reser <ben@reser.org>
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Mar 1 05:32:04 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.