Posted to dev@subversion.apache.org by Gerald Richter <ri...@ecos.de> on 2002/06/22 14:12:19 UTC

Not storing passwords in the filesystem

Hi,

until now I have used svn only on the LAN and didn't use any authentication.
Now I have made a repository available to the internet and secured it with
passwords. This works fine, but when I have done any operations now my password
is stored for every subdirectory in cleartext in the filesystem. While this
is ok for a secure machine, this is a big security hole when doing a
checkout etc. on a machine that is used by many people or is accessible via
the net.

I didn't find any way to delete these passwords (ok I can do a find -name
password -exec rm {} \; ), but this isn't very convenient. So my question
is, is there a way to not store passwords at all, so I get asked anytime I
access the repository, or at least is there a way to logout and delete the
password?

I know svn is still pre-alpha, so I just want to know the state of this
issue and if there are any plans/features I have overseen already.

Gerald

-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
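The poster's workaround is a bare `find -name password -exec rm {} \;`. The following is an added example for this thread (not Subversion project code) that turns that one-liner into a small audit-and-purge helper for a shared machine: it lists the cached password files below a working copy, flags the ones readable by group or others (the condition that actually makes a cleartext cache an exposure on a multi-user box), and truncates before unlinking them. It assumes, as the poster's command does, that the credential is a file literally named `password` inside each directory's `.svn` administrative area; the demo tree it builds is constructed, not a real checkout.

```shell
# Audit and purge cleartext Subversion password caches in a working copy.
# Added example for this thread, not code from the Subversion project.
# Assumption (taken from the poster's "find -name password" command): the
# cached credential is a file literally named "password" inside each
# directory's .svn administrative area. Adjust -path/-name if your client
# stores it elsewhere.

# Print every cached password file below the given working-copy root.
svn_find_cached_passwords() {
    root=${1:-.}
    find "$root" -type f -path '*/.svn/*' -name password 2>/dev/null
}

# Number of cached password files, as a plain integer for audit reports.
svn_count_cached_passwords() {
    svn_find_cached_passwords "$1" | wc -l | tr -d ' '
}

# Print "<group+other bits> <path>" for each cache readable by group or
# others. On a shared machine this is what turns the cache into an exposure.
svn_list_exposed_passwords() {
    svn_find_cached_passwords "$1" | while IFS= read -r f; do
        mode=$(ls -l "$f" | cut -c5-10)   # columns 5-10 of ls -l: group+other
        case $mode in
            *r*) printf '%s %s\n' "$mode" "$f" ;;
        esac
    done
}

# Truncate, then unlink, every cached password file; prints the number
# removed. Truncating first keeps the secret out of the file if the unlink
# fails; it does not scrub freed disk blocks.
svn_purge_cached_passwords() {
    root=${1:-.}
    n=$(svn_count_cached_passwords "$root")
    find "$root" -type f -path '*/.svn/*' -name password -exec sh -c '
        for f; do
            : > "$f"
            rm -f "$f"
        done' sh {} +
    echo "$n"
}

# Build a throw-away tree shaped like a working copy, with a constructed
# "password" file in each .svn directory, and print its path.
svn_demo_make_wc() {
    tree=$(mktemp -d)
    for d in "$tree" "$tree/trunk" "$tree/trunk/src"; do
        mkdir -p "$d/.svn"
        printf 'hunter2\n' > "$d/.svn/password"   # constructed sample secret
    done
    printf 'int main(void) { return 0; }\n' > "$tree/trunk/src/main.c"
    echo "$tree"
}
```

Run `svn_list_exposed_passwords /path/to/wc` after a checkout on a shared host to see what other local users could read, and `svn_purge_cached_passwords /path/to/wc` when you are done working; the working copy's actual content is left untouched, only files matching the cache pattern are removed.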

Re: Not storing passwords in the filesystem

Posted by Philip Martin <ph...@codematters.co.uk>.
"Gerald Richter" <ri...@ecos.de> writes:

> I didn't find any way to delete these passwords (ok I can do a find -name
> password -exec rm {} \; ), but this isn't very convenient. So my question
> is, is there a way to not store passwords at all, so I get asked anytime I
> access the repository, or at least is there a way to logout and delete the
> password?
> 
> I know svn is still pre-alpha, so I just want to know the state of this
> issue and if there are any plans/features I have overseen already.

It's issue 720: http://subversion.tigris.org/issues/show_bug.cgi?id=720

-- 
Philip


Re: Not storing passwords in the filesystem

Posted by David Summers <da...@summersoft.fay.ar.us>.
Right now on CVS :ext: (ssh) you have to set it up to automatically log in 
to the server, so I would think that the default should be no save with 
the option to save easily findable.  Of course CVS :pserver: is just the 
opposite, you have to login (which saves your password) and then it is 
automatic...so.....tough call.  I probably would err on the safe side and 
not save the passwords by default.

   - David Summers

On 22 Jun 2002, Karl Fogel wrote:

> "Gerald Richter" <ri...@ecos.de> writes:
> > Great! I would suggest to turn password storing off by default.
> 
> This is a tough call, but IMHO the inconvenience outweighs the extra
> security, so my instinct is to leave storing as the default.  Would
> like to hear what others think, too, though...

-- 
David Wayne Summers          "Linux: Because reboots are for upgrades!"
david@summersoft.fay.ar.us   PGP Key: http://summersoft.fay.ar.us/~david/pgp.txt
PGP Key fingerprint =  C0 E0 4F 50 DD A9 B6 2B  60 A1 31 7E D2 28 6D A8 



Re: Re: Not storing passwords in the filesystem

Posted by Peter Davis <pe...@pdavis.cx>.
On Saturday 22 June 2002 12:25, Bill Tutt wrote:
> the password information is cached in memory by the UI, and
> discarded upon UI closing, but also having the option to cache the
> password information someplace more permanent.

For the command line client, how about something like ssh-agent (a daemon 
loaded by your .bash_profile that caches the password)?

http://www-106.ibm.com/developerworks/linux/library/l-keyc2/

-- 
Peter Davis


RE: Re: Not storing passwords in the filesystem

Posted by Bill Tutt <ra...@lyra.org>.

> From: Karl Fogel [mailto:kfogel@newton.ch.collab.net]
> 
> "Gerald Richter" <ri...@ecos.de> writes:
> > Great! I would suggest to turn password storing off by default.
> 
> This is a tough call, but IMHO the inconvenience outweighs the extra
> security, so my instinct is to leave storing as the default.  Would
> like to hear what others think, too, though...
> 

Of course, UI apps are going to behave in a completely opposite fashion.
My current thinking about what should happen in a UI for Subversion is
that the password information is cached in memory by the UI, and
discarded upon UI closing, but also having the option to cache the
password information someplace more permanent. Preferably that wouldn't
be in the working copy data. On Win32 systems it might be wise to cache
it in a secure storage container of some sort. 

So please think about that kind of thing when tweaking any of this part
of the existing code base.

Thanks,
Bill

Re: Not storing passwords in the filesystem

Posted by Karl Fogel <kf...@newton.ch.collab.net>.
"Gerald Richter" <ri...@ecos.de> writes:
> Great! I would suggest to turn password storing off by default.

This is a tough call, but IMHO the inconvenience outweighs the extra
security, so my instinct is to leave storing as the default.  Would
like to hear what others think, too, though...


Re: Not storing passwords in the filesystem

Posted by Gerald Richter <ri...@ecos.de>.
>
> +1 on making this a run-time option.
>
> We now have a number of little things we want in the
> .subversion/config (or .subversion/options or registry or whatever).
> I'll try to make that file exist today, and put this as an option in
> it.
>

Great! I would suggest to turn password storing off by default.

Another idea in this area is to allow specifying a client certificate which
can be used by mod_ssl to authenticate the user, instead of using basic auth.
Just an idea...

Gerald


-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------



Re: Not storing passwords in the filesystem

Posted by Karl Fogel <kf...@newton.ch.collab.net>.
"Gerald Richter" <ri...@ecos.de> writes:
> until now I have used svn only on the LAN and didn't use any authentication.
> Now I have made a repository available to the internet and secured it with
> passwords. This works fine, but when I have done any operations now my password
> is stored for every subdirectory in cleartext in the filesystem. While this
> is ok for a secure machine, this is a big security hole when doing a
> checkout etc. on a machine that is used by many people or is accessible via
> the net.
> 
> I didn't find any way to delete these passwords (ok I can do a find -name
> password -exec rm {} \; ), but this isn't very convenient. So my question
> is, is there a way to not store passwords at all, so I get asked anytime I
> access the repository, or at least is there a way to logout and delete the
> password?
> 
> I know svn is still pre-alpha, so I just want to know the state of this
> issue and if there are any plans/features I have overseen already.

+1 on making this a run-time option.

We now have a number of little things we want in the
.subversion/config (or .subversion/options or registry or whatever).
I'll try to make that file exist today, and put this as an option in
it.

-Karl
