
Re: problems when using subversion over http with large files

From: John Szakmeister <john_at_szakmeister.net>
Date: 2006-07-28 10:49:21 CEST

----- Nico Kadel-Garcia <nkadel@comcast.net> wrote:
> ----- Original Message -----
> From: "Martin Povolný" <martin.povolny@solnet.cz>
> To: <users@subversion.tigris.org>
> Sent: Thursday, July 27, 2006 4:01 AM
> Subject: problems when using subversion over http with large files
>
> Hello,
>
> we are using subversion on a couple of quite large repositories.
> In our setup we have apache2 with ldap authentication and
> dav_svn.
>
> Uh-oh. You've walked square into a serious security issue: The SVN clients
> store user login names and passwords in cleartext: for the commandline, it's
> typically in $HOME/.subversion/./auth/svn.simple/[hashedname]
>
> If you have the Apache LDAP using your users' normal login passwords, which
> is easy to do, then your users' passwords are stored in cleartext in the
> home directory of their LDAP client. The graceful way to avoid the problem
> is to use svn+ssh for write access.

Not in Windows (they're using TortoiseSVN). It's stored encrypted on the Windows platform, and in the Keychain on Mac OS X.

-John

Received on Fri Jul 28 10:50:34 2006
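
An added example (not part of the original thread, and not Subversion's own code): a Python audit of the `svn.simple` credential cache discussed above, reporting which entries hold a password in plaintext on disk without ever returning the password. The `K <len>` / `V <len>` / `END` record layout and the `passtype` values `simple` and `keychain` are assumptions about the cache format; the entry names and credentials in `SAMPLES` are constructed.

```python
import tempfile
from pathlib import Path

CLEARTEXT_TYPES = {None, "simple"}  # assumption: no passtype field means an older plaintext entry
SAMPLES = {  # constructed cache entries, not real credentials; names stand in for [hashedname]
    "entry-1": b"K 8\npasstype\nV 6\nsimple\nK 8\npassword\nV 19\nnot-a-real-password\nK 8\nusername\nV 5\nalice\nEND\n",
    "entry-2": b"K 8\npasstype\nV 8\nkeychain\nK 8\nusername\nV 3\nbob\nEND\n",
    "entry-3": b"K 8\npasstype\nV 6\nsim",  # truncated on purpose
}

def parse_svn_hash(data):
    """Parse 'K <len>\\n<key>\\nV <len>\\n<value>\\n ... END' records (assumed cache layout)."""
    fields, pos, key = {}, 0, None
    while pos < len(data) and not data.startswith(b"END", pos):
        eol = data.index(b"\n", pos)                 # ValueError if no line end
        tag, length = data[pos:eol].split(b" ", 1)   # ValueError if malformed
        start, size = eol + 1, int(length)
        if start + size > len(data):
            raise ValueError("truncated record")
        body = data[start:start + size].decode("utf-8", "replace")
        pos = start + size + 1                       # skip the newline after the body
        if tag == b"K":
            key = body
        elif tag == b"V" and key is not None:
            fields[key], key = body, None
        else:
            raise ValueError("unexpected record tag")
    return fields

def audit_auth_dir(auth_dir):
    """Return (file, username, passtype, cleartext) rows; the password itself is never returned."""
    rows = []
    for path in sorted(p for p in Path(auth_dir).iterdir() if p.is_file()):
        try:
            f = parse_svn_hash(path.read_bytes())
        except ValueError:
            rows.append((path.name, None, "unparsed", False))
            continue
        cleartext = "password" in f and f.get("passtype") in CLEARTEXT_TYPES
        rows.append((path.name, f.get("username"), f.get("passtype"), cleartext))
    return rows

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, raw in SAMPLES.items():
            (Path(d) / name).write_bytes(raw)
        return audit_auth_dir(d)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To check a real profile, call `audit_auth_dir()` on the `svn.simple` directory under the user's `.subversion/auth` directory; rows with `cleartext` set to `True` are the entries the thread is concerned about.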

This is an archived mail posted to the Subversion Users mailing list.