[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn caches password in local directory

From: Olivier Sannier <obones_at_free.fr>
Date: 2005-06-09 09:06:33 CEST

Adrian Hoe wrote:

> Hi,
>
> Thanks to subversion users community and I have now a working
> subversion on both svn and svn+ssh.
>
> There comes another problem, the security issues. The root of the
> problem is that my company wants to separate internal staff access
> from external (interns) access. By creating a login account on the
> server in order to access via svn+ssh means the interns will have
> access to ssh and sftp etc to the entire server. By using svn, that
> limits external access to subversion only.
>
> Now, svn stores users information including realms and passwords
> (unencrypted) in a text file in folder ~/subversion/auth/svn.simple.
>
> The user will only need to login once via svn. Subsequent access (e.g.
> svn co) will not require password because svn reads the password from
> the text file.
>
> Why doesn't subversion encrypt the password on local file(s)?
>
> Is there a way to overcome this security issue?
>
> Tia.
>
> --
>
> "If you missed the rising sun and the morning dew, don't miss the
> beautiful sunset." -- Adrian Hoe inspired by Michal Nowak, June 15 2004
>
> http://adrianhoe.com
>
AFAIK, it is possible in svn 1.2.0 to indicate that you want the
password encrypted, at least under Win32.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Jun 9 09:03:54 2005

This is an archived mail posted to the Subversion Users mailing list.