
Re: username/password is displayed in Linux process list

From: Johnathan Gifford <jgifford_at_wernervas.com>
Date: 2007-01-29 20:31:55 CET

We use CruiseControl as well. To get around this, we use an account that has only read rights to the repository. We also cache those credentials on the box where the build happens. The idea is that if someone can log onto the computer, it is assumed they also have rights to build. This allows us to not display that information in logs and screen consoles.

Not sure if your setup is like ours, but hope this helps,

Johnathan

>>> On Mon, Jan 29, 2007 at 1:22 PM, in message
<3A5B915AA10F9F4E9A77699659CDF3B5019ED1C8@patron.docusignhq.com>, "Dang Nguyen"
<dang@docusign.com> wrote:
> I use CruiseControl (continuous build system) to run hourly and nightly
> builds. Part of its task is to delete the local working copy and
> checkout the latest from SVN. I've noticed that when the checkout
> occurs, the username and password that I pass on the command line is
> displayed in plain text if I look at the process list (i.e., ps -ef).
> This is obviously a real security problem. Has this been reported
> before? The username and password should be masked, as I've seen other
> applications do.
>
> I am running svn 1.3.2 on a Redhat Linux 4 Enterprise Edition server.

Received on Mon Jan 29 20:33:05 2007
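
The exposure described in the quoted message can be audited for on a build host. The following is an added example, not part of the original thread: it filters `ps`-style output for svn's `--password` option and prints the matching processes with the value redacted. The sample process lines, account names and repository URL are constructed for illustration.

```shell
#!/bin/sh
# Audit helper: flag processes whose argument list carries an svn --password
# value, which any local user can read from the process list.
#
# Input: one process per line in the form "PID USER COMMAND ARGS...",
# which is what `ps -eo pid=,user=,args=` prints on Linux.
# Output: the matching lines, with the password value replaced so that the
# audit report does not repeat the secret.

find_exposed_passwords() {
    awk '
    {
        hit = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--password" && i < NF) {
                # Form: --password VALUE
                $(i + 1) = "<redacted>"
                hit = 1
            } else if ($i ~ /^--password=/) {
                # Form: --password=VALUE
                $i = "--password=<redacted>"
                hit = 1
            }
        }
        if (hit) print
    }'
}

# Constructed sample input (not captured from a real system).
sample_ps() {
    cat <<'EOF'
 4121 cruise   svn checkout --username builder --password EXAMPLE-PW http://svn.example.invalid/repo/trunk wc
 4130 cruise   svn update --non-interactive wc
 4188 root     /usr/sbin/sshd -D
 4201 cruise   svn export --password=EXAMPLE-PW2 http://svn.example.invalid/repo/trunk out
EOF
}

# Demonstration on the constructed sample. On a live host the equivalent is:
#   ps -eo pid=,user=,args= | find_exposed_passwords
sample_ps | find_exposed_passwords
```

Only processes running at the moment of the scan are seen, so a short-lived checkout can be missed; running the filter from a frequent scheduled job on the build host narrows that gap.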

This is an archived mail posted to the Subversion Users mailing list.
