Security flaw: subversion stores passwords by default

From: Hadmut Danisch <hadmut_at_danisch.de>
Date: Wed, 19 Mar 2008 23:58:39 +0100

Hi,

I just installed a subversion repository together with webdav and an
apache server, protected
by password authentication over LDAP and HTTPS.

Accessing this repository over HTTPS worked perfectly except for a
severe security
problem:

Unless turned off in the users (or common) configuration file,
subversion stores the password
in plain textfiles. Since the web access password is the same as the
common account password
used for several services, unexperienced users compromise their own
passwords without even
realizing it.

Although not a bug in the common sense, this is a severe security flaw
by design.

I would strongly recommend to modify this behavior and to never ever let
subversion store
any password by itself. If the password should be stored locally, then
the user should do
it himself or at least give an option to do so.

And, btw., would be nice to support the https://user@server/... syntax
or a way to take the
user from environment or configuration.

regards
Hadmut

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-19 23:58:46 CET

This message: [ Message body ]
Next message: Greg Willits: "Re: ssh part of svn+ssh not working?"
Previous message: Xu, Xin: "RE: svn hangs when checkout or update"
Next in thread: Blair Zajac: "Re: Security flaw: subversion stores passwords by default"
Reply: Blair Zajac: "Re: Security flaw: subversion stores passwords by default"
Reply: Greg Thomas: "Re: Security flaw: subversion stores passwords by default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]