https://bugzilla.novell.com/show_bug.cgi?id=355729
User poeml@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=355729#c6
Peter Poeml changed:
        What|Removed |Added
----------------------------------------------------------------------------
      Status|NEW     |RESOLVED
  Resolution|        |WORKSFORME
--- Comment #6 from Peter Poeml 2008-01-24 06:41:14 MST ---
No, a pseudo-encrypted password wouldn't prevent this.
And no, there is no way to use ssh keys, neither for svn over HTTP(S),
nor for osc.
BTW, ssh keys are either totally insecure if an attacker can access
them, or they are encrypted, which means that they are not convenient at
all, unless you use a key agent or otherwise store the encryption key on
disk or in memory.
The solution is always the same:
"Store the secret in a safe place."
This means that you
- put your .subversion directory in a local partition instead of a
NIS-hosted home,
- put your .osc directory into a local partition instead of a NIS-hosted
home
- encrypt your ssh keys, and run a ssh-agent on a _safe_ machine _only_
and so on.
***
There is one thing which can be improved though, for osc. The
possibility that someone "looks over your shoulder", e.g. by accident,
when you open .oscrc in an editor, can be somewhat alleviated if the
password is base64 scrambled (for the simple fact that it will likely be
harder to memorize then). That's all.
However, it involves some work, because code needs to be written for
that, and all existing conf must be migrated and stay compatible.
Alternatively the password could be stored in a separate file which is
less likely to be opened in an editor.
Since this enhancement is listed in
https://forgesvn1.novell.com/svn/opensuse/trunk/buildservice/src/clientlib/p...
there is no need to track it here. If someone is motivated to implement
it, it may eventually happen.
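
The storage advice in the comment above (keep .oscrc, the Subversion credentials and ssh keys off a NIS-hosted home, readable only by their owner) can be checked mechanically. The following is an added example, not part of the original bug comment or of osc; the function names, the constructed mount table, and the choice of ~/.subversion/auth and ~/.ssh as the paths to inspect are assumptions.

```python
import os
import stat

# Assumption: filesystem types treated as "not local" for this check.
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "afs", "9p", "fuse.sshfs"}

# Constructed sample in /proc/mounts format (device, mount point, type, ...).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext3 rw 0 0
/dev/sda3 /local ext3 rw 0 0
filer:/export/home /home nfs rw,addr=192.0.2.10 0 0
"""

def fs_type_for(path, mounts_text):
    """Return the filesystem type of the longest mount point containing path."""
    best, best_type = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mount_point, fs_type = fields[1], fields[2]
        prefix = mount_point.rstrip("/") + "/"
        # Compare whole path components so /homework does not match /home.
        if (path + "/").startswith(prefix) and len(mount_point) >= len(best):
            best, best_type = mount_point, fs_type
    return best_type

def audit(path, mode, mounts_text):
    """Return findings for one credential path, given its st_mode."""
    findings = []
    fs_type = fs_type_for(path, mounts_text)
    if fs_type in NETWORK_FS:
        findings.append(f"{path}: on network filesystem ({fs_type})")
    if stat.S_IMODE(mode) & 0o077:
        findings.append(f"{path}: accessible by group/others "
                        f"(mode {stat.S_IMODE(mode):04o})")
    return findings

def audit_home(home, mounts_text):
    findings = []
    # Hypothetical selection of credential stores to inspect.
    for name in (".oscrc", ".subversion/auth", ".ssh"):
        path = os.path.join(home, name)
        if os.path.exists(path):
            findings += audit(path, os.stat(path).st_mode, mounts_text)
    return findings

if __name__ == "__main__":
    with open("/proc/mounts") as f:
        print("\n".join(audit_home(os.path.expanduser("~"), f.read())) or "no findings")
```

An empty result only means the files are local and owner-only; it says nothing about whether the machine itself is a safe place to keep them.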