[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials held unencrypted in memory during runtime

From: Kevin Radke <kmradke_at_gmail.com>
Date: Wed, 13 Apr 2011 21:23:18 -0500

On 4/13/2011 11:27 AM, Ron Wilson wrote:
> On Wed, Apr 13, 2011 at 1:41 AM, Andrew<agaspar_at_odecee.com.au> wrote:
> The organisation that I am currently working for has also found this
> security issue, and
>> being a financial organisation we are considering not allowing our developers to use
>> tortoise SVN.
>
> As an altarnative, the server can be setup to use time limited
> passwords. This will render any cached credentials invalid after some
> reasonable lngth of time, typically 5 minutes to 15 minutes.
>
> You company's IT people should know how to do this.

With a properly configured server, Subversion fully supports Kerberos.
This will require no passwords cached on the client and will
transparently checkout the needed tickets on Windows...

Kevin R.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719636

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-14 04:23:30 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.