[Yanel-development] Yarep SVN implementation and security

Josias Thöny josias.thoeny at wyona.com
Wed Nov 29 10:05:40 CET 2006


On Wed, 2006-11-29 at 08:47 +0100, Michael Wechner wrote:
> Hi
> 
> At the moment we keep the password for the SVN storage implementation 
> in plaintext within the yarep config file:
> 
> <storage class="org.wyona.yarep.core.impl.svn.SVNStorage">
>   <content src="https://svn.wyona.com/repos/foo/bar/"
>            workdir="/home/michi/foo/bar/"
>            username="TEST"
>            password="PASSWORD"/>
> </storage>
> </repository>
> 
> This raises some security concerns, especially on shared servers.
> 
> The only way I currently see is that an administrator has to type in the 
> password during startup, which
> would improve the situation a bit.
> 
> Or are there any other ideas?

I agree it's not very nice to store the password in plaintext, but I
don't have any good ideas atm for a better solution.

With web applications which use JDBC connections it seems to be common
practice to store the password in plaintext in the web.xml.

But if someone comes up with a good idea, I'm interested to hear about
it.

Josias

> 
> Thanks
> 
> Michi
> 
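
The startup-prompt idea from the thread, sketched as an added Java example (not part of the original messages and not Yarep code): if the `password` attribute is present, the config is accepted only when the file is owner-readable only; if it is absent, the administrator is prompted on the console. The class name `SvnPasswordResolver`, the rule that a missing attribute triggers the prompt, and a POSIX filesystem are assumptions; the sample config is constructed from the placeholder values quoted above.

```java
import java.io.Console;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

/** Hypothetical helper, not part of Yarep: resolves the SVN password at startup. */
public class SvnPasswordResolver {

    static char[] resolve(Path config) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element content = (Element) f.newDocumentBuilder().parse(config.toFile())
                .getElementsByTagName("content").item(0);
        if (content == null) throw new IllegalStateException("no <content> element");

        if (content.hasAttribute("password")) {
            // Plaintext password on disk: refuse a file that other accounts can read.
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(config);
            if (perms.contains(PosixFilePermission.GROUP_READ)
                    || perms.contains(PosixFilePermission.OTHERS_READ))
                throw new SecurityException(config + " holds a password but is group/world readable");
            return content.getAttribute("password").toCharArray();
        }
        // No password attribute: ask the administrator who starts the server.
        Console console = System.console();
        if (console == null)
            throw new IllegalStateException("no password in config and no interactive console");
        return console.readPassword("SVN password for %s at %s: ",
                content.getAttribute("username"), content.getAttribute("src"));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample config, using the placeholder values from the message above.
        Path cfg = Files.createTempFile("yarep", ".xml");
        Files.write(cfg, ("<storage class=\"org.wyona.yarep.core.impl.svn.SVNStorage\">"
                + "<content src=\"https://svn.wyona.com/repos/foo/bar/\" workdir=\"/home/michi/foo/bar/\""
                + " username=\"TEST\" password=\"PASSWORD\"/></storage>").getBytes("UTF-8"));
        Files.setPosixFilePermissions(cfg, PosixFilePermissions.fromString("rw-------"));
        char[] pw = resolve(cfg);
        System.out.println("owner-only config accepted, password loaded");
        Arrays.fill(pw, '\0'); // do not keep the secret in memory longer than needed
        Files.setPosixFilePermissions(cfg, PosixFilePermissions.fromString("rw-r--r--"));
        try { resolve(cfg); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        Files.delete(cfg);
    }
}
```

The prompt keeps the secret off disk but means the server cannot restart unattended; the permission check only limits exposure to other accounts on a shared host and does not protect against anyone who can read files as the service user.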



