SVN encrypted password store

SvnUnixEncryptionPasswords

Svn Problem Overview

I installed SVN on a Ubuntu machine and I can't get my head around something.

Whenever I checkout something from the terminal I get this error about saving a non-encrypted password:

-----------------------------------------------------------------------
ATTENTION!  Your password for authentication realm:

   <[...]> Subversion Repository

can only be stored to disk
unencrypted!  You are advised to
configure your system so that
Subversion can store passwords
encrypted, if possible.  See the
documentation for details.

You can avoid future appearances of
this warning by setting the value of
the 'store-plaintext-passwords' option
to either 'yes' or 'no' in
'/home/[...]/.subversion/servers'.
-----------------------------------------------------------------------

I goggled it a bit but I couldn't find anything useful. I found one topic where it said this was a client issue, not a server one, but I'm still not convinced.

It says "configure your system"; what exactly does it mean by that? The server or the client? If I'm the server, is there anything I can do about it? besides hiding the warning (like it says)...

Thanks!

Svn Solutions

Solution 1 - Svn

It is a client issue. It warns you that the credentials used for the different servers are being stored in plain text. You can hide that warning or use an encrypted storage to cache the passwords.

See: http://blogs.collab.net/subversion/2009/07/subversion-16-security-improvements

Solution 2 - Svn

By encrypting the password, you will not be able to achieve non-repudiation (other users could use your hash as you) due to OS file permissions. However, most companies have subversion setup using their domain password or some form of SSO password. By encrypting the password, you would at least mask someone from accessing a users other accounts.

I would still be concerned about the encryption strength. If the subversion password is linked to other important accounts, someone might test the encryption strength to crack the password out.

The best bet is to setup the subversion client to turn off stored passwords and force lazy Dev's to authenticate each time.

Solution 3 - Svn

I store the credentials on an encrypted disk. (Although, while encfs is mounted the credentials are still plain-text to my account)

$ ls -nl ~/.subversion/
total 20K
-rw-r--r-- 1 1000 1000 4.2K 2009-07-10 13:00 README.txt
lrwxrwxrwx 1 1000 1000   31 2009-10-14 14:31 auth -> ~/crypt/subversion/auth/
-rw-r--r-- 1 1000 1000 5.7K 2009-07-10 13:00 config
-rw-r--r-- 1 1000 1000 3.6K 2009-07-10 13:00 servers

Using git-svn means that I need the credentials much less often, so it may not be too onerous to not save them at all.

Categories
Recommended Svn Solutions
Recommended Unix Solutions
Recommended Encryption Solutions
Recommended Passwords Solutions

Previous Solution:

How to merge two "ar" static libraries into one?

LinuxStatic LibrariesUnix Ar

Next Solution:

Application Loader: "Cannot proceed with delivery: an existing transporter instance is currently uploading this package"

ItunesApp Store-Connect

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestiontreznikView Question on Stackoverflow
Solution 1 - SvnfriscoView Answer on Stackoverflow
Solution 2 - SvnJason LawrenceView Answer on Stackoverflow
Solution 3 - SvnbsbView Answer on Stackoverflow