[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Encrypted Repositories. . .?

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: 2007-06-20 18:07:43 CEST

Michael Williams wrote:
> On Jun 20, 2007, at 11:26 AM, Matt Sickler wrote:
>> Perhaps it *could* *somehow* *maybe* be hacked together to "work".
>> SVN does not supply encryption of anything (except the link between
>> server and client when you use https or ssh+svn). If you want to
>> encrypt the repository, use an encrypted filesystem with a on-boot (or
>> on-mount) passphrase.
>> Anything else is just going to be a headache, cost a ton of money,
>> and probably remove what little sanity you seem to have left.
> I don't see why it would have to be *could* *somehow* *maybe*. The
> Cryptlib libraries are freely available and, I'm assuming, could be
> incorporated to encrypt SVNs process and output. Anyone?

What's to keep someone who would be able to access your files from
replacing your svn binary with a trojan version that steals the
encryption key? If you can't do that, what's the point of giving a
false sense of security?

   Les Mikesell
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jun 20 18:06:55 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.