[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: how can I change my password by SVN client?

From: Johan Corveleyn <johan.corveleyn_at_uz.kuleuven.ac.be>
Date: Mon, 31 Aug 2009 14:44:01 +0200

> > If you really believe this is a security problem, I hope you're
> on the
> > OpenSSH mailing list complaining that the use of SSH
> authorization
> > keys is insecure because if someone gains access to my ~/.ssh
> > directory, they can impersonate me.
> Andy, I wrote the SunOS port of SSH 1, SSH 2, and OpenSSH years
> back.
> So yes, I've been active on it for years. That approach is much
> superior to the standard and limited SSH key access, which presents
> day-to-day integration problems.

Not meaning to throw oil on the fire :), but just as an innocent bystander:
You haven't answered the question: why are private keys with 600 permissions in ~/.ssh more secure than passwords in files with 600 permissions in ~/.subversion/auth? Or have I missed something?

> It's why for most UNIX users in
> professional environments, I recommend they use TortoiseSVN to a
> Samba
> share to access their repositories. The client is much safer, and
> much
> more reliable.

And this works in practice? I would think you'd get all sorts of problems with svn:eol-style=native, and case-(in)sensitivity when you share a working copy this way (use the same WC from both a Unix client and a windows client through a samba share) ... Otherwise I don't understand the setup you're suggesting.



To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-31 14:45:30 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.