[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default

From: Daniel Danger Bentley <dtbentley_at_gmail.com>
Date: Fri, 21 Mar 2008 13:09:39 -0400

On Thu, Mar 20, 2008 at 5:36 PM, Hadmut Danisch <hadmut_at_danisch.de> wrote:

> Hi,
> Ryan Schmidt wrote:
> >
> > The Subversion client needs to provide the plain text password to the
> > Apache server during authentication. Suggest a way for this to be
> > accomplished without storing the plain text password on the client's
> > disk.
> In the high security area where I am currently maintaining a protected
> SVN respository, the users are required to reenter the password any time.
> Even beyond that requirement, there's another problem:
> Some files need to be checked out from SVN with root permissions, but
> with user/password of the person who is root at that very moment. While
> several people share access to the root accounts, nobody should be able
> to check in changes under the name of a different person (or be able to
> read the password from the file system).

I don't know much about subversion (just joined), but this caught my eye:
Why are multiple people sharing an account? If you don't trust your users,
then why do you trust them to share an account?


> If someone really wants to store the password in a local file either for
> good reasons or for not taking care, let him do. But under any
> circumstances avoid storing the password accidently.
> >
> > Encrypting the password on the client's disk is not a solution unless
> > the Subversion client can also decrypt the password again so it can be
> > provided to Apache in plain text. And if the Subversion client, whose
> > source is public, can do this, then any other software can do this too
> > so it is no more secure than storing the plain text password on disk.
> Mostly correct. But this does not imply that you have to store the
> password if the user does not want this.
> (There are better ways to store it locally, e.g. protect it with a
> master password, like firefox, ssh-agent or the gnome/kde wallets do.
> A more complicated method for the future might be to use plugins, which
> can access the gnome/kde wallets.)
> regards
> Hadmut
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: users-help_at_subversion.tigris.org

'Ladislav Sticha, the tall spokesman for Czech Television, told me that the
show's audience was "miniature"  presumably he meant small in number.' -
New York Times, January 24, 2008
Received on 2008-03-21 18:10:03 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.