[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Re: Setting location of auth cache - securing stored passwords

From: Ryan J Ollos <ryano_at_physiosonics.com>
Date: Thu, 24 Dec 2009 01:24:56 -0800 (PST)

Seems this message existed on Nabble, but no longer on the Tigris mailing
list. Full quote of message I was replying to is below.

Andy Levy wrote:
> On Wed, Aug 5, 2009 at 12:58, Zoltan Megyesi<cherry_at_ludens.elte.hu> wrote:
>> Thanks for the answer.
>>> The password should be encrypted already in that location using the
>>> Windows Crypto API (assuming you're using a sufficiently recent
>>> release of Subversion/TSVN).
>> That is unfortunately not enough. Many reasons, including: it is easier
>> to break the weak or non-existent user passwords, laptops can be stolen,
>> etc..
> Weak/non-existent user passwords are a policy & human problem, not a
> Subversion configuration concern.
> Stolen laptops - again, a password for your repository should be the
> least of your worries at that point. If this is a major concern, you
> should be using full-disk encryption and/or not allow ANY sensitive
> data to be stored on laptops.
>> More importantly we want to control the safety of specific repositories
>> our way.
> Repository security is a server consideration, not client. If a user's
> SVN password is compromised, they still need to gain access to your
> repository (if they have to get connected to the VPN first, they can't
> get to your repository) to do anything with it. And that doesn't
> address the concerns of someone having access to the checked-out
> contents - see above re: sensitive data on laptops, full-disk
> encryption, etc.
> In short, Subversion assumes that you can adequately secure your
> system & user account without resorting to "reconfiguring" Subversion.
>>> You should be more concerned with the
>>> password storage on the server and over the wire; depending on how
>>> your server is configured, they may be stored & transmitted in
>>> plaintext there.
>> I am concerned, but these are issues for a different topic.
>> Currently I need to place the cache to a different location, but I could
>> not set cache location in the client settings. I hoped there were some
>> configuration options for this. They would be useful. (I could avoid
>> modifying %appdata%)
> You'll need to compile your own version of the Subversion libraries
> and distribute your own SVN client(s) to your users. While
> simultaneously prohibiting them from using the "vanilla" client.
> You could also prevent people from caching passwords in the first
> place by editing %APPDATA%\Subversion\config (the [auth] section), but
> you can't stop them from reverting it back to caching.
> ------------------------------------------------------
> http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2380569
> To unsubscribe from this discussion, e-mail:
> [users-unsubscribe_at_tortoisesvn.tigris.org].

View this message in context: http://old.nabble.com/Setting-location-of-auth-cache---securing-stored-passwords-tp24823690p26911796.html
Sent from the tortoisesvn - users mailing list archive at Nabble.com.
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2009-12-24 10:25:00 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.