[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Encrypting selected files ...

From: Andrey Repin <anrdaemon_at_freemail.ru>
Date: Fri, 2 Oct 2009 22:43:37 +0400

Greetings, Parrish, Ken!

> I have been asked to look into the issue of encrypting sensitive information
> that is stored in our source code repository. We have quite a few users of
> our repository, many of whom are overseas.

Sensitive information must not be stored in open repository.
Establish separate, properly secured repository for this task.

> 99.99% of what's in our repository is just source code that everyone needs.
> However there are a few files that contain production usernames, passwords
> and other references to assets that we would like to encrypt and allow
> access only to selected users or those with an encryption key.

I do have similar issue. To solve it, i have separate, non-versioned file with
all credentials written in it, that project picks up.
This is also true for deployment. User get a "config-auth-example.php", copy
it over to "config-auth.php" and adjust for his/her needs.
Now you're 1001% sure you will never ever overwrite the user settings with any
upgrades. Simply because redistribution does not contain this file.

--
WBR,
 Andrey Repin (anrdaemon_at_freemail.ru) 02.10.2009, <22:39>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2403032
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-02 20:45:48 CEST

This is an archived mail posted to the Subversion Users mailing list.