
RE: Re: user authentication

From: Krebs, Steven <steven.krebs_at_intel.com>
Date: 2004-11-15 23:27:50 CET

Max Bowsher writes:

>> P.S. - While on the topic of security - I'll also mention that caching the
>> user's password in clear text is a serious issue on a Windows machine.

>How else would you store it?

You could store it in an encrypted file that uses the logged-in user's
Win32 security identifier (SID) as the encryption/decryption key. I
realize this is not completely secure with open source, but it adds a
layer of protection. Others may have better ideas...

The problem with plain text in a Windows environment is as follows:

Security on Win32 using a domain: Domain Admins are only allowed to
reset passwords, they cannot see what the current password is (the way
it should be). I don't want to discuss physical access and crack tools
here.

With subversion, the passwords are stored in plain text in the user's
profile area here: C:\Documents and Settings\<username>\Application
Data\Subversion\auth\... This directory is accessible by the user and
all *local admins*.

If two users share a system (in my case this would be a shared lab
system), often both users may be granted local admin access privileges
on that system (example: for install testing purposes).

Subversion's plain text password files make it easy for anyone with
local admin access to see what a user's current svn password is. If
the svn password is synchronized with the user's Win32 domain password,
it is a BIG security hole (On my team we have different passwords for
svn to prevent this).

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Nov 15 23:28:16 2004
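The message above points at the auth\ cache directory as the place where plaintext passwords end up. An added example, written for this archive page and not code from Subversion or from the poster: a small Python audit script that parses the files Subversion writes under auth\svn.simple (its hash-file format of "K <len>" / key / "V <len>" / value records terminated by END, as written by Subversion's svn_hash_write2) and reports which cached entries hold an unencrypted password (passtype "simple") versus one protected by a platform store (passtype "wincrypt" and the like). The cache path, the two sample cache files and the credential values in them are constructed for the demonstration; the wincrypt blob is a placeholder string, not a real DPAPI blob.

```python
"""Audit a Subversion credential cache for plaintext passwords.

Hypothetical auditing script (not part of Subversion). It parses the
auth/svn.simple hash files and classifies each cached credential as
'plaintext' (passtype 'simple' with a password present), 'protected'
(passtype naming a platform store such as 'wincrypt') or 'no-password'.
"""
import os
from pathlib import Path

# Default location on Windows; constructed from %APPDATA% at run time.
DEFAULT_CACHE = Path(os.environ.get("APPDATA", "")) / "Subversion" / "auth" / "svn.simple"


def parse_svn_hash(data: bytes) -> dict:
    """Parse the svn hash-file format into a dict of str -> str.

    Layout: 'K <keylen>\\n<key>\\nV <vallen>\\n<value>\\n' repeated, then 'END'.
    Lengths are byte counts, so the raw bytes are sliced rather than
    split on newlines (a value may itself contain a newline).
    """
    entries = {}
    pos = 0
    while True:
        nl = data.index(b"\n", pos)
        line = data[pos:nl]
        pos = nl + 1
        if line == b"END":
            return entries
        if not line.startswith(b"K "):
            raise ValueError(f"expected 'K <len>' record, got {line!r}")
        klen = int(line[2:])
        key = data[pos:pos + klen].decode("utf-8")
        pos += klen + 1                      # skip the key and its newline
        nl = data.index(b"\n", pos)
        vline = data[pos:nl]
        pos = nl + 1
        if not vline.startswith(b"V "):
            raise ValueError(f"expected 'V <len>' record, got {vline!r}")
        vlen = int(vline[2:])
        value = data[pos:pos + vlen].decode("utf-8")
        pos += vlen + 1                      # skip the value and its newline
        entries[key] = value


def classify(entries: dict) -> str:
    """Return 'plaintext', 'protected' or 'no-password' for one cache entry."""
    if "password" not in entries:
        return "no-password"
    # Old caches may omit passtype entirely; Subversion treats that as 'simple'.
    return "plaintext" if entries.get("passtype", "simple") == "simple" else "protected"


def audit_files(files: dict) -> list:
    """Classify a mapping of file name -> raw bytes; returns sorted 4-tuples."""
    findings = []
    for name in sorted(files):
        entries = parse_svn_hash(files[name])
        findings.append((name, entries.get("svn:realmstring", "?"),
                         entries.get("username", "?"), classify(entries)))
    return findings


def audit_dir(cache_dir: Path = DEFAULT_CACHE) -> list:
    """Read every file in the cache directory and classify it."""
    return audit_files({p.name: p.read_bytes() for p in cache_dir.iterdir() if p.is_file()})


# Constructed sample cache files (not taken from any real machine).
SAMPLE_PLAINTEXT = (
    b"K 8\npasstype\nV 6\nsimple\n"
    b"K 8\npassword\nV 9\nhunter2!!\n"
    b"K 15\nsvn:realmstring\nV 43\n<https://svn.example.test:443> Example Repo\n"
    b"K 8\nusername\nV 5\nalice\nEND\n"
)
SAMPLE_WINCRYPT = (
    b"K 8\npasstype\nV 8\nwincrypt\n"
    b"K 8\npassword\nV 12\nQUVTLWJsb2I=\n"       # placeholder, not a real DPAPI blob
    b"K 15\nsvn:realmstring\nV 43\n<https://svn.example.test:443> Example Repo\n"
    b"K 8\nusername\nV 3\nbob\nEND\n"
)

if __name__ == "__main__":
    target = DEFAULT_CACHE if DEFAULT_CACHE.is_dir() else None
    rows = audit_dir(target) if target else audit_files(
        {"a1b2c3-sample": SAMPLE_PLAINTEXT, "d4e5f6-sample": SAMPLE_WINCRYPT})
    for name, realm, user, status in rows:
        print(f"{status:12} {name:16} {user:10} {realm}")
```

Run it on a workstation to list every cached realm whose password is sitting unencrypted in the profile; any "plaintext" row is readable by every local admin on that machine, which is exactly the exposure the message describes.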

This is an archived mail posted to the Subversion Users mailing list.
