Fisheye / Crucible: SVN Repository password storage and permissions Questions

1. 1. Is there any way to not store a password in clear text for the repository config settings? We can see the user’s password in the Fisheye config file. We see this as a big security risk.

2. 2. Is there any way for Fisheye to look up a user’s AD or SVN permission to determine what things they can see on the repository? We have an elaborate security scheme set up for our repository where only some users can see part of the repository. I realize that you can either add different parts of the repository using paths and give permissions that way, but it would get messy rather quickly given how our repository is set up.

4 answers

1 accepted

2 votes
Accepted answer
Nick Pellow Atlassian Team Aug 15, 2013

Hi Adam,

Regarding FishEye storing svn passwords in the config.xml: The following options are available to you:

  1. Make the config file only readable by the FishEye user. (Most recommended and robust option)
  2. Use svnsync to sync your svn repositories to the local FishEye server and then use the file:/// to allow FishEye to access your repositories. This will also be a performance boost for your instance.
  3. Configure the Native JavaHL client with FishEye, then log in to each svn server on the FishEye server as the same run user as FishEye. Svn will then cache the auth token and this will be used by FishEye when accessing the repo. You then don't need to enter a username or password in the repository configuration screen.

Hope this helps.

Regards

Nick Pellow.

Thank you Nick, that is very helpful. Do you have more information on #3?

We also have an issue where many of our developers have different permissions to the repository, in some cases it is rather elaborate. Do you have any suggestions for how to deal with this within Fisheye other than creating multiple paths/usernames for the repository?
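Option 1 in the accepted answer above (making the config file readable only by the FishEye user) can be audited and applied with a short shell script. This is an added example, not part of the original thread and not Atlassian's code; the function names, the config path and the `fisheye` account name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not Atlassian's code): audit and tighten access to a file
# that stores repository credentials, such as FishEye's config.xml.

# Portable helpers: GNU stat first, BSD/macOS stat as fallback.
perm_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# check_secret_file PATH RUN_USER
# Returns 0 when only RUN_USER can read PATH and nobody else can swap it out.
check_secret_file() {
    path=$1; run_user=$2; rc=0
    [ -f "$path" ] || { echo "ERROR: $path not found"; return 2; }

    owner=$(owner_of "$path")
    if [ "$owner" != "$run_user" ]; then
        echo "FAIL: $path is owned by $owner, expected $run_user"; rc=1
    fi

    # Any group/other bit (mask 077) exposes the stored password to more accounts.
    mode=$(perm_of "$path")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $path has mode $mode, group/other access is set"; rc=1
    fi

    # A group/other-writable directory lets another account replace the file.
    dir=$(dirname "$path"); dmode=$(perm_of "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory $dir has mode $dmode, writable by group/other"; rc=1
    fi
    return $rc
}

# lock_secret_file PATH RUN_USER: owner-only read/write, then re-check.
lock_secret_file() {
    chmod 600 "$1" && check_secret_file "$1" "$2"
}

# Example invocation; path and account name are placeholders (assumptions):
# check_secret_file /path/to/fisheye-instance/config.xml fisheye
```

File permissions only limit which local accounts can read the stored password; anyone who can run code as the FishEye user or as root can still read it.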

0 votes

Hi Adam,

As for 1.1, this was already requested here:

https://jira.atlassian.com/browse/CRUC-1415

Please take a look at Partha's comment about why this improvement will not be implemented.

As for 2.2, it is possible to configure LDAP restrictions for your repositories, but you can only allow or deny access to the entire repository, not to only parts of it.

I hope this helps!

We can't be the only ones that find this unacceptable... There's got to be a workaround. Whoever has that password can technically copy the entire repository.
