On Mon, Aug 31, 2009 at 08:44, Johan
Corveleyn<johan.corveleyn_at_uz.kuleuven.ac.be> wrote:
>> > If you really believe this is a security problem, I hope you're
>> on the
>> > OpenSSH mailing list complaining that the use of SSH
>> authorization
>> > keys is insecure because if someone gains access to my ~/.ssh
>> > directory, they can impersonate me.
>>
>> Andy, I wrote the SunOS port of SSH 1, SSH 2, and OpenSSH years
>> back.
>> So yes, I've been active on it for years. That approach is much
>> superior to the standard and limited SSH key access, which presents
>> day-to-day integration problems.
>
> Not meaning to throw oil on the fire :), but just as an innocent bystander:
> You haven't answered the question: why are private keys with 600 permissions in ~/.ssh more secure than passwords in files with 600 permissions in ~/.subversion/auth? Or have I missed something?
>
>> It's why for most UNIX users in
>> professional environments, I recommend they use TortoiseSVN to a
>> Samba
>> share to access their repositories. The client is much safer, and
>> much
>> more reliable.
>
> And this works in practice? I would think you'd get all sorts of problems with svn:eol-style=native, and case-(in)sensitivity when you share a working copy this way (use the same WC from both a Unix client and a windows client through a samba share)
Plus this http://tortoisesvn.tigris.org/faq.html#samba
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2388887
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-31 15:00:37 CEST