[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default / Proposal

From: Deven T. Corzine <deven_at_ties.org>
Date: Sat, 22 Mar 2008 16:26:38 -0400

Karl Fogel wrote:
> The weakness of the current way is not lack of simplicity or
> comprehensibility. It's that it stores plaintext on disk (albeit
> permission-protected). We've never claimed this is ideal; it was a
> conscious trade-off. I think any part of your suggestions that can
> purely improve the situation will be welcome. To the extent that you
> propose different trade-offs, that may or may not fly, I can't say how
> it will turn out.

Whether or not to store passwords at all, and whether there's a better
way, is a larger discussion.

However, once you've chosen to store passwords, they should at least be
obscured from casual viewing. Even if it's just Base64-encoded, that's
better than plaintext passwords. At least it requires a positive step
to decode the password, which won't happen by accident. An
administrator could stumble across the plaintext password by accident,
compromising the password unintentionally. No, it's no more secure from
an attacker, but it's still an improvement.


To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-22 21:26:10 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.