SVN avoid storing passwords in plain text?

views:

126

answers:

+1 Q:

SVN avoid storing passwords in plain text?

Under a bare bones setup for SVN on windows (without using VisualSVN), as per the instructions, the passwords are to be entered in the passwd file.

Does SVN provide a way to encrypt or atleast mask this file? as if a person has access to the server directories, he can quite casually edit these files in plain text and come to know of all passwords for the SVN repositories.

I'm not installing the apache service etc. Just basic SVN on a windows 2003 server with TortoiseSVN as client.

Cheers K

+1 A:

See this entry from the Subversion Frequently Asked Questions.

Jeff Foster 2009-11-21 11:26:38

That's the client credential caching: not what the OP asked, but worth checking anyway, see the comments in Joao's post for relevant links.

RedGlyph 2009-11-21 11:50:37

+2 A:

If the SVN version you are using supports SASL you can have a look at Using Cyrus SASL Authentication with Subversion.

To check if SASL is supported run 'svnserve --version' and look for a line reading 'Cyrus SASL authentication is available.' as stated in the svnserve.conf file.

João Angelo 2009-11-21 11:39:26

That's the correct way not to have plain passwords with svnserve, check also this link for the configuration (which is not as easy as plaintext or Apache): http://stackoverflow.com/questions/1730765/could-not-initilize-the-sasl-library/1731607#1731607, Make also sure that your passwords are not stored in plainform by the client (relevant link: http://www.open.collab.net/community/subversion/articles/svn_1.6_releasenotes.html from 1.6, and http://svnbook.red-bean.com/nightly/en/svn.tour.initial.html#svn.tour.initial.disabling-password-caching)

RedGlyph 2009-11-21 11:54:08

ansaurus

tags:

views:

answers:

SVN avoid storing passwords in plain text?

related questions