Re: svn authentication

From: Mark Phippard <markp_at_softlanding.com>
Date: 2006-08-30 22:21:54 CEST

"Jim Weir" <javawaba@hotmail.com> wrote on 08/30/2006 03:23:41 PM:

> >It is stored in plain text on the server hard disk, as you see.
>
> Is this a potential security risk? How can I avoid this?

Only you can asses the risk. If you assign usernames and passwords that
do match up with other accounts, then the risk is just that someone can do
something to your repository that you did not want. But if you are
careful about secutiry this file should not be vulnerable anyway. Also,
keep in mind that nothing is ever deleted from a repository so any damage
that is done can be fixed.

The main concern is usually that admins do not want to see user passwords
or deal with this. Some people have created PHP scripts to manage the
file, and others have the developers create a hash of the password they
want to use and then set that as the password. The developer then just
has to recreate the hash and enter that as their password into SVN.

If you are really concerned, the answer is to use the Apache server option
or SSH.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 30 23:07:20 2006

This message: [ Message body ]
Next message: Hadmut Danisch: "Re: Making a copy that follows?"
Previous message: Tuncer Ayaz: "Re: [LINUX] How to launch svnserve process with another user than 'root' ?"
In reply to: Jim Weir: "Re: svn authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]