
Re: plaintext passwords - my 0.02c

From: John Rouillard <rouilj_at_renesys.com>
Date: 2006-07-19 16:49:39 CEST

On Wed, Jul 19, 2006 at 01:25:31PM +0200, Mark Ryan wrote:
> However, I have an additional question:
> *Is the problem limited to environments only using svnserve?
> For example, if I set up an environment using https, there are no
> plaintext password files stored on the server but I still have the issue
> of having my own password stored in plaintext in my own home directory
> (~/.subversion/auth/svn.simple - or something like that, I think) -
> albeit with read permissions only for me. In some ways this is worse -
> if I am authenticating against a central service (eg. LDAP) then I have
> to use my regular login password (at least with the svnserve method you
> can have a separate password!)

We use LDAP and the thought of having the password on disk unencrypted
was enough to convince my boss that svn+ssh is the only repo access
method we would support.

We use encrypted ssh key files and an ssh-agent which provides us with
the "only encrypted password tokens are allowed on disk" security
posture that we are comfortable with and that we can defend as due
diligence in a court of law.

				-- rouilj
John Rouillard
System Administrator
Renesys Corporation
603-643-9300 x 111
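The question above is whether a client's own `~/.subversion/auth/svn.simple` cache holds the password in the clear. The following shell check is an added example, not code from either poster; it assumes Subversion's hash-dump layout for those cache files (`K <len>` / key / `V <len>` / value, terminated by `END`) and builds a constructed cache directory with made-up credentials to scan.

```sh
#!/bin/sh
# Report cached Subversion credentials whose passtype is "simple", i.e. the
# password itself sits unencrypted in the cache file (the case discussed above).
# Assumption: files follow Subversion's hash-dump layout K/V ... END.

# Print "<realm>\t<username>\t<passtype>" for each file in the given
# svn.simple directory that stores a plaintext password.
list_plaintext_creds() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk '
            /^K [0-9]+$/ { getline key; next }          # next line is the key
            /^V [0-9]+$/ { getline val; kv[key] = val; next }  # next line is its value
            /^END$/ {
                # only passtype "simple" keeps the password in this file;
                # keyring-backed entries store no "password" key here
                if (kv["password"] != "" && kv["passtype"] == "simple")
                    printf "%s\t%s\t%s\n", kv["svn:realmstring"], kv["username"], kv["passtype"]
            }
        ' "$f"
    done
}

# Constructed demo cache (not real credentials): one plaintext entry for
# "alice" and one keyring-backed entry for "bob" that holds no password.
make_demo_cache() {
    d=$(mktemp -d)
    printf 'K 8\npasstype\nV 6\nsimple\nK 8\npassword\nV 9\nnotreal42\n' > "$d/a1b2c3"
    printf 'K 15\nsvn:realmstring\nV 35\n<https://svn.example.test:443> Repo\n' >> "$d/a1b2c3"
    printf 'K 8\nusername\nV 5\nalice\nEND\n' >> "$d/a1b2c3"
    printf 'K 8\npasstype\nV 13\ngnome-keyring\n' > "$d/d4e5f6"
    printf 'K 15\nsvn:realmstring\nV 35\n<https://svn.example.test:443> Repo\n' >> "$d/d4e5f6"
    printf 'K 8\nusername\nV 3\nbob\nEND\n' >> "$d/d4e5f6"
    echo "$d"
}

# Stand-alone run: scan the constructed cache, then clean up.
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_cache)
    list_plaintext_creds "$demo"
    rm -rf "$demo"
fi
```

Point `list_plaintext_creds` at a real `~/.subversion/auth/svn.simple` to see which realms still have a cleartext password cached for the current user.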
Received on Wed Jul 19 16:51:35 2006

This is an archived mail posted to the Subversion Users mailing list.
