Re: Encrypting selected files ...

From: Andrey Repin <anrdaemon_at_freemail.ru>
Date: Fri, 2 Oct 2009 22:43:37 +0400

Greetings, Parrish, Ken!

> I have been asked to look into the issue of encrypting sensitive information
> that is stored in our source code repository. We have quite a few users of
> our repository, many of whom are overseas.

Sensitive information must not be stored in open repository.
Establish separate, properly secured repository for this task.

> 99.99% of what's in our repository is just source code that everyone needs.
> However there are a few files that contain production usernames, passwords
> and other references to assets that we would like to encrypt and allow
> access only to selected users or those with an encryption key.

I do have similar issue. To solve it, i have separate, non-versioned file with
all credentials written in it, that project picks up.
This is also true for deployment. User get a "config-auth-example.php", copy
it over to "config-auth.php" and adjust for his/her needs.
Now you're 1001% sure you will never ever overwrite the user settings with any
upgrades. Simply because redistribution does not contain this file.

--
WBR,
 Andrey Repin (anrdaemon_at_freemail.ru) 02.10.2009, <22:39>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2403032
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].

Received on 2009-10-02 20:45:48 CEST

This message: [ Message body ]
Next message: Pat Farrell: "Re: Encrypting selected files ..."
Previous message: Alec Kloss: "Re: Encrypting selected files ..."
In reply to: Parrish, Ken: "Encrypting selected files ..."
Next in thread: Pat Farrell: "Re: Encrypting selected files ..."
Reply: Pat Farrell: "Re: Encrypting selected files ..."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]