Monday, February 21, 2011

SVN Server Side Password Security

Our in-house Windows 2003 server hosts our company's svn repos. I'm looking for a secure method, preferably encryption, for the server-side passwords. Right now they're stored in clear text. Is there an svn plugin or method that I can use to achieve this?

Thanks

From stackoverflow
  • If your company uses Active Directory, that's an option.

  • SASL is available in most SVN serve binaries available for Windows.

    Matt : After I got time to sit down and do some research on SASL I found everything I needed. Thanks.
  • Without a doubt, the most secure authentication system for svn is svn+ssh:// using certificate authentication for ssh. This makes brute force attacks statistically impossible; an attacker can't use a dictionary. This also makes MITM attacks more difficult; you can't intercept a password. Even if you have access to the server you won't have a user's private key, so this takes care of some threats posed by a malicious insider.
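
An added example, not part of the original question or answers: a small audit of an `svnserve.conf` body that flags the clear-text `password-db` setup the question describes and checks whether the SASL alternative from the second answer is enabled with encryption required. The helper name, finding codes and sample configs are constructed for illustration; the option names are svnserve's own.

```python
import configparser

# Constructed sample svnserve.conf bodies (not taken from the page).
PLAINTEXT_CONF = """[general]
anon-access = none
auth-access = write
password-db = passwd
"""
SASL_CONF = """[general]
anon-access = none
auth-access = write
realm = example-repos
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
"""

def audit_svnserve_conf(text):
    """Return finding codes for one svnserve.conf body (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    use_sasl = cp.get("sasl", "use-sasl", fallback="false").strip().lower() == "true"
    # With SASL off, password-db names a file of cleartext "user = password" lines.
    if not use_sasl and cp.get("general", "password-db", fallback=None):
        findings.append("PLAINTEXT_PASSWORD_DB")
    # svnserve's default for anon-access is "read" when the option is absent.
    if cp.get("general", "anon-access", fallback="read").strip().lower() != "none":
        findings.append("ANON_ACCESS_ENABLED")
    if use_sasl:
        # min-encryption defaults to 0, which means no encryption layer is required.
        try:
            min_enc = int(cp.get("sasl", "min-encryption", fallback="0"))
        except ValueError:
            min_enc = 0
        if min_enc < 2:  # 0 = none, 1 = integrity checking only
            findings.append("SASL_ENCRYPTION_NOT_REQUIRED")
    return findings

if __name__ == "__main__":
    for name, conf in (("plaintext", PLAINTEXT_CONF), ("sasl", SASL_CONF)):
        print(name, audit_svnserve_conf(conf) or "no findings")
```
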
