[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnserve passwd plaintext

From: gmu 2k6 <gmu2006_at_gmail.com>
Date: 2006-07-16 11:50:28 CEST

On 7/16/06, Nico Kadel-Garcia <nkadel@comcast.net> wrote:
>
> ----- Original Message -----
> From: "gmu 2k6" <gmu2006@gmail.com>
> To: "Duncan Murdoch" <murdoch@stats.uwo.ca>; <users@subversion.tigris.org>
> Sent: Saturday, July 15, 2006 1:17 PM
> Subject: Re: svnserve passwd plaintext
>
>
> > and this is the place where I say I will whip up a little script to do
> > it automatically
> > without editing passwd by hand and then sending the user the password per
> > mail.
> > depending on how long it will take for SASL to be included in an
> > official release I
> > might as well implement some cron-job which checks for the passwd's
> > each creation timestamps and after 30/60/90days changes that one
> > password for that user and mails the new one. I like this solution.
>
> Could you do it in Webmin? Webmin could resally use some modules for
> handling Subversion, and this might be a nice little project for it.

sorry, but I don't want to have any sort of http-daemon running at
all. actually I also have OpenSSH running and that together with
svnserve is enough of an attack vector besides the ineviatable but
securable tcp/ip stack itself.
running too many services on one box is not good, security and performance-wise.
I'm trying to keep both Dual-Core CPUs free for all the hard work
svnserve does when updating/committing (actually I'm happy svnserve
can saturate the CPU but this naturally does not leave much space for
additional services).

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Jul 16 11:51:34 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.