Re: plaintext passwords - my 0.02c
From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-07-20 04:18:15 CEST
----- Original Message -----
I have been following this thread with some interest - having worked as config manager for ten years or so, mostly with large financial organisations and now with a much smaller firm, I can understand security (and other!) concerns that some companies would have but also recognise that some firms' security people can go over the top with these things. Basically, the cost to protect (including potential lost productivity) must be balanced against the potential loss through security issues, and I guess that both these things are very difficult things to quantify.
However, I have this question: Is the problem limited to environments only using svnserve?
For example, if I set up an environment using https, there are no plaintext password files stored on the server but I still have the issue of having my own password stored in plaintext in my own home directory (~/.subversion/auth/svn.simple - or something like that, I think) - albeit with read permissions only for me.
I accept that this is not as big a problem as a whole password file but if my home directory is mounted across several machines, there's nothing to stop somebody (who has root access on **any** of those machines) su-ing to me and taking a peek at my passwords. In a networked environment this is not difficult to do (getting root to a linux desktop is not difficult if you have access to the box on the desktop!)
Can I keep this password stored in an encrypted format? Does anyone else see this as an issue?
I certainly see it as an issue: The only ways to make this work are to use a different authentication technique, such as SSL keys, or to switch to an ssh+svnserve based access.
This is an archived mail posted to the Subversion Users mailing list.
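As an added example (not code from the original post, from its author, or from the Subversion project): a small Python audit script that parses the ~/.subversion/auth/svn.simple cache files the question refers to and reports which of them hold a plaintext password, without ever printing the password itself. The K/V length-prefixed file format (K <len> / V <len> pairs terminated by END) and the keys passtype, password, username and svn:realmstring are Subversion's own; the file names, realm, username and password below are constructed sample data, and the auth directory is built in a temporary directory rather than read from a real home directory.

```python
"""Audit Subversion's svn.simple credential cache for plaintext passwords.

Added example for the thread above; not Subversion's code. The K/V hash
format is Subversion's real cache format; all sample entries are constructed.
"""
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample in the real on-disk format (lengths are byte counts).
SAMPLE_PLAINTEXT_CACHE = (
    b"K 8\npasstype\nV 6\nsimple\n"
    b"K 8\npassword\nV 9\nhunter2!!\n"
    b"K 15\nsvn:realmstring\nV 42\n<https://svn.example.com:443> Example Repo\n"
    b"K 8\nusername\nV 5\nalice\n"
    b"END\n"
)


def encode_svn_hash(entries: dict) -> bytes:
    """Serialize a dict in the length-prefixed K/V format of svn auth cache files."""
    out = bytearray()
    for key, value in entries.items():
        k, v = key.encode("utf-8"), value.encode("utf-8")
        out += b"K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v)
    out += b"END\n"
    return bytes(out)


def parse_svn_hash(data: bytes) -> dict:
    """Parse 'K <len>\\n<key>\\nV <len>\\n<value>\\n ... END' into a dict."""
    entries = {}
    pos = 0
    while True:
        nl = data.index(b"\n", pos)
        header, pos = data[pos:nl], nl + 1
        if header == b"END":
            return entries
        if not header.startswith(b"K "):
            raise ValueError("malformed key header: %r" % header)
        klen = int(header[2:])
        key, pos = data[pos:pos + klen], pos + klen + 1  # +1 skips the newline
        nl = data.index(b"\n", pos)
        vheader, pos = data[pos:nl], nl + 1
        if not vheader.startswith(b"V "):
            raise ValueError("malformed value header: %r" % vheader)
        vlen = int(vheader[2:])
        value, pos = data[pos:pos + vlen], pos + vlen + 1
        entries[key.decode("utf-8")] = value.decode("utf-8")


def audit_cache_file(path: Path) -> dict:
    """Describe one cache file: who it is for, whether the password is in the clear,
    and whether the file mode lets group/others read it. The password is never returned."""
    entries = parse_svn_hash(path.read_bytes())
    mode = path.stat().st_mode
    return {
        "file": path.name,
        "realm": entries.get("svn:realmstring", "?"),
        "username": entries.get("username", "?"),
        "passtype": entries.get("passtype", "?"),
        # passtype 'simple' plus a 'password' key means svn wrote it unencrypted.
        "plaintext": entries.get("passtype") == "simple" and "password" in entries,
        "group_or_world_readable": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
    }


def scan_auth_dir(auth_dir: Path) -> list:
    """Audit every file under <auth_dir>/svn.simple (e.g. ~/.subversion/auth)."""
    simple_dir = auth_dir / "svn.simple"
    if not simple_dir.is_dir():
        return []
    return [audit_cache_file(p) for p in sorted(simple_dir.iterdir()) if p.is_file()]


def demo() -> list:
    """Build a constructed auth tree in a temp dir and scan it (hypothetical file names)."""
    with tempfile.TemporaryDirectory() as tmp:
        auth_dir = Path(tmp) / "auth"
        simple_dir = auth_dir / "svn.simple"
        simple_dir.mkdir(parents=True)
        # Sample 1: what svn writes by default when it caches a password.
        cached = simple_dir / "a1b2c3d4"
        cached.write_bytes(SAMPLE_PLAINTEXT_CACHE)
        os.chmod(cached, 0o600)
        # Sample 2: realm and username only, as left behind with store-passwords = no.
        nopass = simple_dir / "e5f6a7b8"
        nopass.write_bytes(encode_svn_hash({
            "svn:realmstring": "<https://svn.example.org:443> Other Repo",
            "username": "bob",
        }))
        os.chmod(nopass, 0o600)
        return scan_auth_dir(auth_dir)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against a real home directory by calling scan_auth_dir(Path.home() / ".subversion" / "auth"). Note that the mode check only tells you about local readers; as the post points out, a 0600 file on an NFS-mounted home directory is still readable by root on any client that mounts it, which no file mode can prevent. To stop Subversion caching passwords at all, set store-passwords = no in the [auth] section of ~/.subversion/config and delete the existing svn.simple files; Subversion 1.6 and later additionally offer store-plaintext-passwords = no and prompt before writing a password in the clear.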