On Mar 19, 2008, at 19:02, Hadmut Danisch wrote:
> Blair Zajac schrieb:
>
>> See
>>
>> http://subversion.tigris.org/faq.html#plaintext-passwords
>> http://svnbook.red-bean.com/nightly/en/
>> svn.serverconfig.netmodel.html#svn.serverconfig.netmodel.credcache
>
> Thanks, but I am pretty much aware of this.
>
> This does not make it any less insecure. On the contrary: This is
> insecure by design. If many people have
> complained before, and the authors still intentionally keep such
> flaws, what is their idea of security?
>
> Just read that:
>
> " Trust your OS to protect data on disk."
>
> That's nonsense. What do they believe why passwords stored by the
> operating system are usually hashed and salted?
>
> What makes them believe that exactly that OS will be in place all
> time?
>
> That sort of approach is really silly. If you can't do it in a
> secure way, than don't do it at all (at least not without explicit
> user consent).
>
>
> The really bad thing about this is that it not just compromises
> subversion, but can compromise the security of the whole LAN.
>
> Absolutely bad design.
The Subversion client needs to provide the plain text password to the
Apache server during authentication. Suggest a way for this to be
accomplished without storing the plain text password on the client's
disk.
Encrypting the password on the client's disk is not a solution unless
the Subversion client can also decrypt the password again so it can
be provided to Apache in plain text. And if the Subversion client,
whose source is public, can do this, then any other software can do
this too so it is no more secure than storing the plain text password
on disk.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 01:26:17 CET