[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Password stored in clear text!

From: Jeremy Pereira <jeremyp_at_jeremyp.net>
Date: 2006-08-22 12:38:56 CEST

On 22 Aug 2006, at 09:45, Nico Kadel-Garcia wrote:

>
> This is simply untrue. For many users, who use Windows clients and
> thus apparently store them encrypted locally, it's OK. But for
> those many hundreds, thousands, or perhaps tens of thousands who
> work in Linux or Solaris, and who have machines with NFS home
> directories, unencrypted backups, laptops, or otherwise have
> physical access to their machines by people in the same
> encironment, it's a serious issue.
>
> Peoiple need to be clear that it *is* a security risk, and to
> pursue the extra step of enforcing ssh+svnserve access only if
> they're going to operate in operating systems that do not encrypt
> such stored passwords. Anyone who thinks that keeping your core
> security information in a personal directory which permissions set
> to 700 is simply not taking the security risk seriously. It's no
> better than taping your password under your keyboard.

Yes, it is a security risk, but the problem is not subversion but the
broken security model. The semantics of "chmod 700 foo" are "I am
the only regular user allowed to see what's in this file". It's NFS/
unencrypted backups which are broken not subversion.

Subversion has to exist in the real world where these these things
aren't going to get fixed any time soon, so it does already have a
couple of work arounds on generic Unix boxes which have already been
mentioned. They are not ideal, but they are there.

Subversion is an open source project, so you can implement your own
more secure solution or pay somebody else to do it.

>
> Again, you're missing some risky situations. CygWin has a Win32
> client: it does not store the passwords encrypted. Only certain
> Win32 clients, such as the wonderful TortoiseSVN, encrypt their
> stored passwords. And storing subversion passwords on a Win32 box,
> unless the user's home directory is encrypted, is a bad joke if
> anyone can walk up the machine unobserved for a few minutes with a
> Knoppix boot CD and grab their boss's or professor's or the TA's
> passwords. I like CygWin: I find it very useful. But I may have to
> tell people "don't use the Subversion client in CygWin", and try to
> force them to use TortoiseSVN only, because of this sort of
> security risk in a Windows envornment.

The generic as-supplied-by-the-subversion-project svn client uses
encryption on Windows. From the Subversion book:

"On Windows 2000 or later, svn 1.2 and above uses standard Windows
APIs to encrypt the data, so only the user can decrypt the cached
password"

So don't use the cygwin client. It hasn't got any different
functionality from the Windows client apart from storing passwords in
plain text.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Aug 22 12:42:36 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.