[Mongrel] SVN security hole explained

Zed Shaw zedshaw at zedshaw.com
Fri Aug 25 19:21:09 EDT 2006

On Fri, 2006-08-25 at 17:11 +0000, carmen wrote:
> > This is a Subversion working copy administrative directory.
> > Visit http://subversion.tigris.org/ for more information.
> is there actually anything important in there? I mean if you authenticate with SSH keys, and even if you don't, I don't think it caches passwords? and it surely doesn't cache the entire history or anything (like a .git dir) so they won't be able to see all the embarrassing oneline 'oops, working now' commits..

You never know what they put in there.  Having worked on an RCS before I
can tell you all the major authors love tossing the world into their
repositories.  Passwords, previous revisions that had passwords, your
daughter's baby pictures, all sorts of stuff.

Zed A. Shaw
http://www.lingr.com/room/3yXhqKbfPy8 -- Come get help.
