[Mongrel] SVN security hole explained

Shane Vitarana shanev at gmail.com
Fri Aug 25 14:57:08 EDT 2006


I don't see why this is a huge security issue either.  At the worst
someone can view your commit history by viewing the .svn/entries file.
 The password auth files are stored in the repository itself, not in
the .svn directories in the working copy.

Shane Vitarana
shanesbrian.net

On 8/25/06, carmen <_ at whats-your.name> wrote:
> > This is a Subversion working copy administrative directory.
> > Visit http://subversion.tigris.org/ for more information.
>
> is there actualy anything important in there? i mean if you authenticate with SSH keys, and even if you dont, i dont think it caches passwords? and it surely doesnt cache the entire history ora nything (like a .git dir) so they wont be able to see all the embarassing oneline 'oops, working now' commits..
>
> >
> > -daya
>
> > _______________________________________________
> > Mongrel-users mailing list
> > Mongrel-users at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/mongrel-users
>
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users
>


More information about the Mongrel-users mailing list