[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: plaintext passwords - my 0.02c

From: Paul J R <me_at_pjr.cc>
Date: 2006-07-19 04:26:34 CEST

One thing he didn't mention that also makes life hard for these guys is the
potential for someone to later "turn on" svnserve. Corporate security only
get involved to approve the use of a new piece of software or when an
intrusion occurs.

Now, while they will approve some software conditionally, they're also aware
that someone may see the software on the "approved use" list and just deploy
it (as they are allowed to) and ignore the conditions on that, which they
shouldn't, but its very hard for them to track that (20 or so corporate
security guys and hundreds of diverse environments).

Ssh was a good example of that, because of the whole port forwarding thing,
they saw this as a way of by passing firewalls (fair call), but ended up
approving it based on the fact it could be switched off and that even should
someone switch it on, its unlikely to cause significant levels of damage.

Unfortunately, my management don't really care a lot whether its svn that's
used or something else. Personally, I use svn at home for myself and think
its pretty good. To "management" a cheaper product is always fantastic, but
they cant over-ride the security group's call.

> -----Original Message-----
> From: Andy Levy [mailto:andy.levy@gmail.com]
> Sent: Wednesday, 19 July 2006 12:01 AM
> To: Samay
> Cc: Paul J R; users@subversion.tigris.org
> Subject: Re: plaintext passwords - my 0.02c
> On 7/18/06, Samay <getafix123@hotmail.com> wrote:
> >
> >
> > Paul,
> >
> > most are aware that subversion (mod_dav_svn) allows for single-sign-on
> which
> > is very well suited for security minded corporate environment and no
> > passwords are ever transmitted (when used with GSSAPI/Kerberos -
> > KrbMethodK5Passwd off) and no passwords are stored either. This should
> also
> > be possible to setup with svn+ssh with ssh (+ GSSAPI) although i have
> not
> > yet had need to test it.
> >
> > You will agree above is better thn having to store password clear text
> or
> > encrypted or encoded irrespective.
> >
> > so IMO, your conclusions are invalid and ur 0.02c worth not correct. If
> one
> > wants secure setup, they need to set it up secure, grounds up.
> Subversion
> > doesnt restrict you, infact it allows u to use security model best
> suited to
> > ur requirements.
> I think you've misread Paul's post. What I gathered from it was that
> while he's in support of Subversion, his management is not. Paul's
> management is of the (incorrect, IMHO) belief that because Subversion
> *allows* one to set the system up with plain-text passwords stored
> (using "naked" svnserve), there must be other security problems
> elsewhere in the code.
> IOW, because one feature of the system can't be trusted (protection
> passwords when using svnserve w/o ssh), the entire system cannot be
> trusted by Paul's management, even though one can use the system
> without even touching said feature.
> My snarky comeback to that is that I'll bet these same managers use IE
> with the default ActiveX settings, which is far worse than anything
> Subversion might expose them to.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 19 04:27:56 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.