[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Obfuscate auth info

From: James Courtier-Dutton <James_at_superbug.co.uk>
Date: 2006-10-18 14:44:35 CEST

Fernandes, Filipe (Bolton) wrote:
> Hello Malcolm and SVN devs
> Malcolm Rowe wrote:
>> Hello list,
>> Background for people not at the summit: We discussed the
>> regularly-reported problem today about the Subversion client storing
>> plaintext auth info on Unix, and the response that elicits from users.
>> We all agreed that scrambling the password wouldn't add any security at
>> all, but we also had a vague consensus that as long as we made sure that
>> users didn't think the passwords _were_ encrypted, obfuscating them in
>> some way might not be objectionable, since not doing so aggravates some
>> people.
> I agree that a secure Linux box should effectively guard any plain text
> passwords stored in the .subversion folder from being read in the wild and
> if someone could, then you have bigger problems than simply having your
> password stored as plain text.
> But having said that, it's still an issue for me and it's not far enough
> that passwords are simply base64 encoded. Better, but not nearly as good
> as if they were encrypted.
> One problem that comes to mind is the backing up of the home directory for
> all users. Anyone with access to the tapes now has a list of passwords with
> access to the subversion servers, and worse if that password is used against
> an LDAP server for authentication.
> I know that you have to trust the people you work with and that their should
> be proper security over the backup tapes, but no system is perfect and
> encrypted passwords would do much to minimize problems like this.
> filipe
> ps: Having said that... if you all still disagree, I'd still rather have
> your patch go through for whatever that's worth ;)

Why not interface with ssh-agent, and get ssh-agent or an ssh-agent type
program to store the passwords. Then, the passwords are lost at each
reboot, and do not enter any backup tapes, so are only stored in memory
for the duration of the session.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 18 14:45:02 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.