RE: plaintext passwords - my 0.02c

I'm with you, Paul. Subversion *is* a hard sell to folks with 'Security'
in their job titles.

The FAQ entry on plaintext passwords is probably the single biggest deal
breaker for many serious security reviews. Read it.

http://subversion.tigris.org/faq.html#plaintext-passwords

I'm focusing solely on what the FAQ says, not whether it is correct or
up to date. Here's a summary of what it says to a cynical, paranoid,
risk-mitigation kind of guy whose job it is to say "No" -- you know the
type.

1. Trust the OS to protect the data. Sure, until the OS is compromised,
as if that never happens. These developers sound like rank amateurs on
security matters.

2. If you don't want passwords stored in plaintext, you have the option
of not storing passwords at all. Bad options lead to bad decisions:
given the opportunity to choose the lesser of two evils, people often
choose the path of least resistance regardless of the evil involved. Not
good.

3. Aw, heck, all my friends are doing it, worse actually, so what's the
problem? The fallacy here is no one said that CVS set the security
standard for Subversion to match or best.

3a. And no one cares about this problem enough to do anything about it.
If I do, I can send in a patch. It can't be easy if no one's done it
yet. And I need a version control system now, not next quarter or next
year.

Four reasons to say no; no reasons to say yes. Case closed.

I suggest that rewriting this FAQ item to be more security savvy could
go a long way to reducing the perception -- true or not -- that
Subversion developers don't take security seriously.

Stuart Celarier | Corillian Corporation

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 19 07:10:25 2006