Home » Eclipse Projects » Subversive » How can I encrypt and decrypt repository password?(Protect repository from home access.)
| | |
Re: How can I encrypt and decrypt repository password? [message #493609 is a reply to message #493533] |
Tue, 27 October 2009 08:46 |
Igor Burilo Messages: 435 Registered: July 2009 |
Senior Member |
|
|
Hello,
I can see here a following solution: you can prepare environment with
entered security items for such junior developers, e.g. for each junior
developer you provide an eclipse distribution, where you create SVN
repository location with all needed information: url, password etc. What it
gives? It gives that only you (or the trusted person) who knows password (or
other security issues) enters the password, but junior developers just use
them and they will never know passwords (of course, if they don't break
Eclipse security storage :).
As for your solution to this problem: you proposed that Subversive allows
encrypted password to be entered. But if Subversive allows it, what can
prevent for junior developers to use these encrypted passwords at home, as
Subversive understands them?
> Hello Igor,
>
> I don't want junior developers, developer who are on probation and
> contractors know real password. They might be able to steal source code or
> keep it at home. With svn+ssh, they can still access repository if they
> have key and pass-phrase.
>
> So, I will give encrypt password, provide custom eclipse package for them.
> When they enter password, subversive will decrypt password and store the
> real password in cache. It would be nice if we can store encrypt password.
>
> Could you please advise me on how to do this? Does it has a better
> solution to protect source code?
>
>
> Best regards,
>
> Putthibong Boonbong
|
|
| |
Re: How can I encrypt and decrypt repository password? [message #493826 is a reply to message #493718] |
Wed, 28 October 2009 08:22 |
Igor Burilo Messages: 435 Registered: July 2009 |
Senior Member |
|
|
Hello,
>But sometime, Subversive forgot password.
What do you mean here? Do you use 'Save Password' option? If it's possible,
could you please describe the use case when Subversive forgets password?
I'm not sure but probably you can look to Apache's abilities to limit access
for junior developers (of course if your SVN server works with Apache)?
> Hello,
>
> I have been using your first solution to protect subversion.
>
> In case of contractor, we create Linux image with Eclipse and disable all
> services. They cannot use this image to access internet except update and
> commit. But sometime, Subversive forgot password. So, I have to use remote
> access to contractor machine, open their VM player and re-enter password.
> It's quite uncomfortable when we work with many contractors.
>
> I have been trying to create extension to Subversive plugin. With this
> solution, I can give them a fake password that cannot be used outside
> Linux image.
>
>
> Best regards,
>
> Putthibong Boonbong
|
|
| | | | | | |
Goto Forum:
Current Time: Fri Sep 27 00:25:54 GMT 2024
Powered by FUDForum. Page generated in 0.07324 seconds
|