[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Re: Setting location of auth cache - securing stored passwords

From: Andy Levy <andy.levy_at_gmail.com>
Date: Wed, 5 Aug 2009 13:57:00 -0400

On Wed, Aug 5, 2009 at 12:58, Zoltan Megyesi<cherry_at_ludens.elte.hu> wrote:
> Thanks for the answer.
>> The password should be encrypted already in that location using the
>> Windows Crypto API (assuming you're using a sufficiently recent
>> release of Subversion/TSVN).
> That is unfortunately not enough. Many reasons, including: it is easier to break the weak or non-existent user passwords, laptops can be stolen, etc..

Weak/non-existent user passwords are a policy & human problem, not a
Subversion configuration concern.

Stolen laptops - again, a password for your repository should be the
least of your worries at that point. If this is a major concern, you
should be using full-disk encryption and/or not allow ANY sensitive
data to be stored on laptops.

> More importantly we want to control the safety of specific repositories our way.

Repository security is a server consideration, not client. If a user's
SVN password is compromised, they still need to gain access to your
repository (if they have to get connected to the VPN first, they can't
get to your repository) to do anything with it. And that doesn't
address the concerns of someone having access to the checked-out
contents - see above re: sensitive data on laptops, full-disk
encryption, etc.

In short, Subversion assumes that you can adequately secure your
system & user account without resorting to "reconfiguring" Subversion.

>> You should be more concerned with the
>> password storage on the server and over the wire; depending on how
>> your server is configured, they may be stored & transmitted in
>> plaintext there.
> I am concerned, but these are issues for a different topic.
> Currently I need to place the cache to a different location, but I could not set cache location in the client settings. I hoped there were some configuration options for this. They would be useful. (I could avoid modifying %appdata%)

You'll need to compile your own version of the Subversion libraries
and distribute your own SVN client(s) to your users. While
simultaneously prohibiting them from using the "vanilla" client.

You could also prevent people from caching passwords in the first
place by editing %APPDATA%\Subversion\config (the [auth] section), but
you can't stop them from reverting it back to caching.


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-08-05 19:57:17 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.