Re: plaintext passwords - my 0.02c

From: John Rouillard <rouilj_at_renesys.com>
Date: 2006-07-19 16:49:39 CEST

On Wed, Jul 19, 2006 at 01:25:31PM +0200, Mark Ryan wrote:
> However, I have an additional question:
> *Is the problem limited to environments only using svnserve?
>
> For example, if I set up an environment using https, there are no
> plaintext password files stored on the server but I still have the issue
> of having my own password stored in plaintext in my own home directory
> (~/.subversion/auth/svn.simple - or something like that, I think) -
> albeit with read permissions only for me. In some ways this is worse -
> if I am authenitcating against a central service (eg. LDAP) then I have
> to use my regular login password (at least with the svnserve method you
> can have a seperate password!)

We use LDAP and the thought of having the password on disk unencrypted
was enough to convince my boss that svn+ssh is the only repo access
method we would support.

We use encrypted ssh key files and an ssh-agent which provides us with
the "only encrypted password tokens are allowed on disk" security
posture that we are comfortable with and that we can defend as due
diligence in a court of law.

-- 
				-- rouilj
John Rouillard
System Administrator
Renesys Corporation
603-643-9300 x 111
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Wed Jul 19 16:51:35 2006

This message: [ Message body ]
Next message: mal content: "Re: plaintext passwords - my 0.02c"
Previous message: Ulrich Eckhardt: "Re: svn add "already under version control""
In reply to: Mark Ryan: "Re: plaintext passwords - my 0.02c"
Next in thread: Saulius Grazulis: "Re: plaintext passwords - my 0.02c"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]