Re: Protection from ROOT

From: lamikr_mdk <lamikr_mdk_at_aragorn.kortex.jyu.fi>
Date: 2003-08-11 23:38:33 CEST

Yes, something like this should happen.
Unfortunately I do not know whether there are plugins available :-(
I have just subscribed to this mailing list in order to find out more
about Subversion. (Wondering whether it is stable enough that I
could put my project under it.)

Does anybody know whether there exists any library/framework supporting the
secure authentication scheme described below? (In addition, I think it
would need some kind of time label encrypted inside the authentication
message.)

Mika

Richard in Public wrote:
> This is exactly the sort of sequence that I had in mind... does this
> Subversion crypto-plugin exist? Searching Google, Subversion dev/user
> mail archives and the Subversion Guide reveal nothing. Would love to
> hear more!
>
> I'm also trying to figure out whether the encryption stage could be
> handled outside svn. Obviously, this means that all data is binary from
> an efficiency point of view - I'm guessing that minor pre-encryption
> changes become big post-encryption changes, causing large deltas?
>
> I'd have to do merging outside too, but that's not a big problem. Any
> obvious problems with this approach?
>
> lamikr_mdk wrote:
>
>> I think that is not necessarily true. How about the following sequence?
>>
>> A) Saving data
>> --------------
>> 1) You connect to the server with an ssh kind of connection --> Data between
>> client and your server is encrypted.
>> 2) You transfer some data to the application over the ssh-secured crypto
>> pipe to the subversion crypto-plugin.
>> 3) Subversion crypto-plugin encrypts the data immediately with your
>> asymmetric public key to the server's database. (Data can be decrypted
>> only with your private key)
>>
>> B) Retrieving data
>> ------------------
>> 1) You connect to the server with an ssh kind of connection --> Data between
>> client and your server is encrypted.
>> 2) You pass your private key to the subversion plugin over the ssh-
>> secured crypto pipe (i.e. only the subversion plugin can receive information
>> from your private key)
>> 3) Subversion crypto plugin encrypts the data in the server by using
>> your private key and sends it to you over the ssh-secured pipe
>>
>> Mika
>>
>>
>> Jerry Haltom wrote:
>>
>>> I suppose basic cryptography comes into play here. If the encrypted data
>>> exists on a box, and the box must read from that data, as it would have
>>> to in order to access it, then understandably the key itself must exist
>>> on the system. Accordingly, somebody who owns the system has access to
>>> all of that. End of story!
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>> For additional commands, e-mail: users-help@subversion.tigris.org
>>
>>
>
>

Received on Mon Aug 11 23:39:24 2003
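
The delta question raised in the quoted reply (encrypting outside svn turning small edits into large changes), as an added example that is not part of the original thread or of Subversion. The cipher is a standard-library stand-in (HMAC-SHA256 in counter mode with a fresh random nonce per revision), the sample file and key are constructed, and counting differing byte positions is a simplification of a real delta algorithm.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key, plaintext):
    """Encrypt with a fresh random nonce, chosen anew for every revision."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def decrypt(key, blob):
    """Recover the plaintext from nonce || ciphertext."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def changed_fraction(old, new):
    """Fraction of byte positions that differ between two revisions."""
    differing = sum(a != b for a, b in zip(old, new)) + abs(len(old) - len(new))
    return differing / max(len(old), len(new))

def compare_revisions(key, rev1, rev2):
    """Return (plaintext change, ciphertext change) for two revisions."""
    plain = changed_fraction(rev1, rev2)
    cipher = changed_fraction(encrypt(key, rev1), encrypt(key, rev2))
    return plain, cipher

# Constructed sample: a 200-line source file and a one-character edit to it.
REV1 = b"".join(b"line %03d: value = compute(%d)\n" % (i, i) for i in range(200))
REV2 = REV1.replace(b"line 100:", b"line 10O:", 1)
KEY = hashlib.sha256(b"constructed demo key").digest()

if __name__ == "__main__":
    plain, cipher = compare_revisions(KEY, REV1, REV2)
    print(f"plaintext bytes changed:  {plain:.4%}")
    print(f"ciphertext bytes changed: {cipher:.4%}")
```

A repository that stores only the ciphertext sees nearly every byte change on each commit, so each revision costs roughly a full copy of the file.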

This is an archived mail posted to the Subversion Users mailing list.