[Mongrel] SVN security hole explained
shanev at gmail.com
Fri Aug 25 14:57:08 EDT 2006
I don't see why this is a huge security issue either. At the worst
someone can view your commit history by viewing the .svn/entries file.
The password auth files are stored in the repository itself, not in
the .svn directories in the working copy.
On 8/25/06, carmen <_ at whats-your.name> wrote:
> > This is a Subversion working copy administrative directory.
> > Visit http://subversion.tigris.org/ for more information.
> is there actualy anything important in there? i mean if you authenticate with SSH keys, and even if you dont, i dont think it caches passwords? and it surely doesnt cache the entire history ora nything (like a .git dir) so they wont be able to see all the embarassing oneline 'oops, working now' commits..
> > -daya
> > _______________________________________________
> > Mongrel-users mailing list
> > Mongrel-users at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/mongrel-users
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
More information about the Mongrel-users