Re: Credentials Caching - Security Guy Not Happy

On Aug 25, 2004, at 7:00 PM, Paul Ossenbruggen wrote:

> For the person who asked if we used cvs, no we used Perforce. I doubt that is more secure than svn. > Even having the passwords, hashed or something might be better than complete plain text. Security
> Guy is worried about someone running over to a machine after someone went to go for a break, looking > in the files and getting the cleartext. Perhaps a hash like cvs would be better but I am sure he
> still would not be completely satisfied with that. That would a least prevent someone from accessing > another computer with that password because the hash would only work with svn.

This is perhaps a bit tangential, but it seems to me that if Security Guy is that concerned about physical access to workstations, there are other measures that should be enforced rather than just laying the burden on Subversion - it's not like Subversion is the only "sensitive" tool that might be in use on a workstation. Locking your session before you leave for a break or what have you is a good first step...

Based on my own usage patterns, I would find it highly annoying to be typing in my username and password every time I touched my repository. Granted, on some days you may not hit it much at all, but on days when you do, it's just another niggly thing that gets in your way at the most inopportune moment..

Cheers,
b

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 26 04:49:22 2004