
svn caches password in local directory

From: Adrian Hoe <mailbox_at_adrianhoe.com>
Date: 2005-06-09 05:36:33 CEST

Hi,

Thanks to the Subversion users community, I now have a working
Subversion on both svn and svn+ssh.

There comes another problem, the security issues. The root of the
problem is that my company wants to separate internal staff access
from external (interns) access. Creating a login account on the
server in order to access via svn+ssh means the interns will have
access to ssh and sftp etc. to the entire server. Using svn
limits external access to Subversion only.

Now, svn stores user information including realms and passwords
(unencrypted) in a text file in the folder ~/subversion/auth/svn.simple.

The user will only need to log in once via svn. Subsequent access
(e.g. svn co) will not require a password because svn reads the
password from the text file.

Why doesn't subversion encrypt the password on local file(s)?

Is there a way to overcome this security issue?

Tia.

--
"If you missed the rising sun and the morning dew, don't miss the  
beautiful sunset." -- Adrian Hoe inspired by Michal Nowak, June 15 2004
http://adrianhoe.com
Received on Thu Jun 9 05:38:38 2005

This is an archived mail posted to the Subversion Users mailing list.
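
An added example (not part of the original post, and not Subversion's own code): an audit of a credential cache directory like the one the message describes, reporting which entries hold a plaintext password and whether the file is readable by other accounts, without emitting the secret. It assumes the cache files use Subversion's `K <len>` / `V <len>` / `END` key-value serialization with `password`, `username`, `svn:realmstring` and optional `passtype` keys; the sample entry, realm and file name are constructed.

```python
import stat
import tempfile
from pathlib import Path

def parse_svn_hash(data: bytes) -> dict:
    """Parse the 'K <len> / key / V <len> / value / ... / END' serialization."""
    out, pos = {}, 0
    def read_item(tag: bytes) -> bytes:
        nonlocal pos
        eol = data.index(b"\n", pos)             # ValueError if truncated
        kind, _, size = data[pos:eol].partition(b" ")
        start, n = eol + 1, int(size)
        if kind != tag or n < 0 or data[start + n:start + n + 1] != b"\n":
            raise ValueError(f"malformed {tag!r} record at byte {pos}")
        pos = start + n + 1
        return data[start:start + n]
    while not data.startswith(b"END", pos):
        key = read_item(b"K")
        out[key.decode()] = read_item(b"V")
    return out

def audit_auth_cache(cache_dir):
    """Yield one finding per cache file. Password values are never emitted."""
    for path in sorted(Path(cache_dir).iterdir()):
        try:
            entry = parse_svn_hash(path.read_bytes())
        except (ValueError, OSError):
            continue                             # not a readable cache entry
        # Assumption: an entry without a "passtype" key holds a plaintext password.
        passtype = entry.get("passtype", b"simple")
        yield {
            "file": path.name,
            "realm": entry.get("svn:realmstring", b"").decode(errors="replace"),
            "plaintext_password": "password" in entry and passtype == b"simple",
            "readable_by_others": bool(stat.S_IMODE(path.stat().st_mode) & 0o077),
        }

def build_sample_cache() -> str:
    """Write one constructed entry (made-up realm and password) to a temp dir."""
    fields = {"password": "not-a-real-secret", "username": "intern1",
              "svn:realmstring": "<svn://svn.example.com:3690> Example Repo"}
    body = "".join(f"K {len(k)}\n{k}\nV {len(v)}\n{v}\n" for k, v in fields.items())
    f = Path(tempfile.mkdtemp()) / "0123456789abcdef0123456789abcdef"
    f.write_text(body + "END\n")
    f.chmod(0o644)
    return str(f.parent)

if __name__ == "__main__":
    print(list(audit_auth_cache(build_sample_cache())))
```

Setting `store-passwords = no` in the `[auth]` section of the client's runtime `config` file, or passing `--no-auth-cache` on the command line, keeps the client from writing new password entries to the cache.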
