
Re: Credentials held unencrypted in memory during runtime

From: Ron Wilson <ronw.mrmx_at_gmail.com>
Date: Tue, 12 Apr 2011 10:50:06 -0400

On Mon, Apr 11, 2011 at 1:26 PM, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
> And if you can execute code, you can just read out *all* passwords from
> the encrypted auth file Subversion creates. All you need is the SVN
> source code to find out how SVN itself decrypts that file and do the same.
> And with that, you have *all* passwords for *all* your repositories, not
> just the one currently used in the still running process.

If this is truly the case, then SVN is not implemented correctly.
However, that would be for a different mail list.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719115

Received on 2011-04-12 16:50:13 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.
