[Mongrel] SVN security hole explained

Zed Shaw zedshaw at zedshaw.com
Fri Aug 25 19:21:09 EDT 2006


On Fri, 2006-08-25 at 17:11 +0000, carmen wrote:
> > This is a Subversion working copy administrative directory.
> > Visit http://subversion.tigris.org/ for more information.
> 
> is there actually anything important in there? I mean if you authenticate with SSH keys, and even if you don't, I don't think it caches passwords? And it surely doesn't cache the entire history or anything (like a .git dir) so they won't be able to see all the embarrassing one-line 'oops, working now' commits..

You never know what they put in there.  Having worked on an RCS before I
can tell you all the major authors love tossing the world into their
repositories.  Passwords, previous revisions that had passwords, your
daughter's baby pictures, all sorts of stuff.

-- 
Zed A. Shaw
http://www.zedshaw.com/
http://mongrel.rubyforge.org/
http://www.lingr.com/room/3yXhqKbfPy8 -- Come get help.


