[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn caches password in local directory

From: Adrian Hoe <mailbox_at_adrianhoe.com>
Date: 2005-06-09 05:36:33 CEST


Thanks to subversion users community and I have now a working
subversion on both svn and svn+ssh.

There comes another problem, the security issues. The root of the
problem is that my company wants to separate internal staff access
from external (interns) access. By creating a login account on the
server in order to access via svn+ssh means the interns will have
access to ssh and sftp etc to the entire server. By using svn, that
limits external access to subversion only.

Now, svn stores users information including realms and passwords
(unencrypted) in a text file in folder ~/subversion/auth/svn.simple.

The user will only need to login once via svn. Subsequent access
(e.g. svn co) will not require password because svn reads the
password from the text file.

Why doesn't subversion encrypt the password on local file(s)?

Is there a way to overcome this security issue?


"If you missed the rising sun and the morning dew, don't miss the  
beautiful sunset." -- Adrian Hoe inspired by Michal Nowak, June 15 2004
Received on Thu Jun 9 05:38:38 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.