
Re: Encrypting selected files ...

From: Pat Farrell <pfarrell_at_pfarrell.com>
Date: Fri, 02 Oct 2009 12:08:18 -0400

Les Mikesell wrote:
>> It's simple. Put those things in a properties file or equivalent and do
>> not use SVN for them.
>
> That's correct in theory, but I'd bet that most places that keep any
> production code/configurations in subversion have this issue.

All places that use this approach have no security.

This is a fundamental issue; don't do that.

> There are just too many places where you can't separate them.

If you care, at all, about security, you must separate them.

I will agree that too many places put these in SVN, or equivalent, but
that does not make it acceptable. It's simply poor operational design.

Most theft and fraud are inside jobs. You cannot allow simple access to
the source code to allow access to production.

This does not prevent the operations folks from having their own SVN
inside their security perimeter. But it's simply wrong to put production
passwords in the general engineering SVN.

-- 
Pat Farrell
http://www.pfarrell.com/
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2402982
Received on 2009-10-02 18:09:21 CEST
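
Added example, not part of the original mail or of Subversion itself: one way an application could enforce the separation discussed in this message, by refusing to load production credentials from a properties file that sits inside an SVN working copy or is readable beyond its owner. The names `load_secrets`, `in_svn_working_copy`, `parse_properties` and `InsecureSecretsFile` are hypothetical, and the sample values are constructed.

```python
import os
import stat
from pathlib import Path


class InsecureSecretsFile(Exception):
    """Raised when the secrets file violates the separation policy."""


def in_svn_working_copy(path: Path) -> bool:
    """True if path's directory or any ancestor holds a .svn admin directory."""
    directory = path.resolve().parent
    return any((d / ".svn").is_dir() for d in (directory, *directory.parents))


def parse_properties(text: str) -> dict:
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {line!r}")
        props[key.strip()] = value.strip()
    return props


def load_secrets(path) -> dict:
    """Load production secrets, refusing files the policy forbids."""
    path = Path(path)
    if in_svn_working_copy(path):
        raise InsecureSecretsFile(f"{path} is inside an SVN working copy")
    mode = path.stat().st_mode
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureSecretsFile(f"{path} is accessible to group or others")
    return parse_properties(path.read_text(encoding="utf-8"))


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample file
        f = Path(d, "prod.properties")
        f.write_text("db.user=app\ndb.password=example-only\n")
        f.chmod(0o600)
        print(sorted(load_secrets(f)))  # key names only, never values
```

The ancestor walk covers both working-copy layouts: a `.svn` directory in every versioned directory, and a single `.svn` at the working-copy root.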

This is an archived mail posted to the Subversion Users mailing list.