Re: Credentials held unencrypted in memory during runtime

From: Kevin Radke <kmradke_at_gmail.com>
Date: Wed, 13 Apr 2011 21:23:18 -0500

On 4/13/2011 11:27 AM, Ron Wilson wrote:
> On Wed, Apr 13, 2011 at 1:41 AM, Andrew<agaspar_at_odecee.com.au> wrote:
> The organisation that I am currently working for has also found this
> security issue, and
>> being a financial organisation we are considering not allowing our developers to use
>> tortoise SVN.
>
> As an altarnative, the server can be setup to use time limited
> passwords. This will render any cached credentials invalid after some
> reasonable lngth of time, typically 5 minutes to 15 minutes.
>
> You company's IT people should know how to do this.

With a properly configured server, Subversion fully supports Kerberos.
This will require no passwords cached on the client and will
transparently checkout the needed tickets on Windows...

Kevin R.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719636

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-14 04:23:30 CEST

This message: [ Message body ]
Next message: Jean-Yves Avenard: "Compiling TortoiseSVN with VS2010"
Previous message: Dale McCoy: "Re: wrong issue"
In reply to: Ron Wilson: "Re: Credentials held unencrypted in memory during runtime"
Next in thread: Wayne Johnson: "RE: Credentials held unencrypted in memory during runtime"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]