[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials held unencrypted in memory during runtime

From: Kevin Radke <kmradke_at_gmail.com>
Date: Wed, 13 Apr 2011 21:23:18 -0500

On 4/13/2011 11:27 AM, Ron Wilson wrote:
> On Wed, Apr 13, 2011 at 1:41 AM, Andrew<agaspar_at_odecee.com.au> wrote:
> The organisation that I am currently working for has also found this
> security issue, and
>> being a financial organisation we are considering not allowing our developers to use
>> tortoise SVN.
> As an altarnative, the server can be setup to use time limited
> passwords. This will render any cached credentials invalid after some
> reasonable lngth of time, typically 5 minutes to 15 minutes.
> You company's IT people should know how to do this.

With a properly configured server, Subversion fully supports Kerberos.
This will require no passwords cached on the client and will
transparently checkout the needed tickets on Windows...

Kevin R.


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-14 04:23:30 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.