Re: Security flaw: subversion stores passwords by default / Proposal
From: Stefan Sperling <stsp_at_elego.de>
Date: Fri, 21 Mar 2008 14:51:16 +0100
On Thu, Mar 20, 2008 at 10:24:30PM +0100, Hadmut Danisch wrote:
Not necessarily.
If you prefix keys with the following in the authorized_keys file,
command="/usr/bin/svnserve -t",no-agent-forwarding,no-X11-forwarding,no-port-forwarding
Of course, this only works with SSH key authentication, not passwords.
Also, I share your concerns about the default storing of passwords.
There's more people who don't like the current behaviour. The subversion
However, I respect decisions this project has made in the past,
-- Stefan Sperling <stsp_at_elego.de> Software Developer elego Software Solutions GmbH HRB 77719 Gustav-Meyer-Allee 25, Gebaeude 12 Tel: +49 30 23 45 86 96 13355 Berlin Fax: +49 30 23 45 86 95 http://www.elego.de Geschaeftsfuehrer: Olaf Wagner
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.