Paul Ossenbruggen wrote:
> Cool ideas everyone, although each seems to have tradeoffs.
>
> The svn+ssh approach is cool, although we would give up the Active
> Directory integration. One of the things that is great about svn https
> is that we are using Active Directory which was requested by the
> security guy. This centralizes access so that we only have one place to
> go when we want to remove access to a resource.
I haven't done it myself, but I'd be surprised if there wasn't a way to gat
PAM (and therefore ssh, and therefore svn+ssh) authenticating against the
AD.
> For the person who asked if we used cvs, no we used Perforce. I doubt
> that is more secure than svn. Even having the passwords, hashed or
> something might be better than complete plain text. Security Guy is
> worried about someone running over to a machine after someone went to
> go for a break, looking in the files and getting the cleartext. Perhaps
> a hash like cvs would be better but I am sure he still would not be
> completely satisfied with that. That would a least prevent someone from
> accessing another computer with that password because the hash would
> only work with svn.
CVS doesn't use a hash, it uses a trivial obfuscation which can be easily
reversed.
Max.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 26 10:19:43 2004