Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Code Security

tzigone
tzigone January 10, 2013

Hi,

Is there any way to store SVN user name and password in the Fisheye config file encyrpted or invisible?

Or can it be retrieved from LDAP or CROWD etc?

rong><auth username="the_repo_user_name" password="the_repo_user_pwd"/></strong>

Answer
Watch
Like Be the first to like this
380 views

3 answers

1 accepted

0 votes
Answer accepted
TimP
TimP
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 22, 2013

Hi Burcu,

I'd recommend configuring your server so that the minimum number of users (i.e. only your trusted System Administrators) have access to the filesystem and make the file readable only to the user that FishEye is running as.

As Partha points out on CRUC-1415, encrypting the password would only really prevent a casual browser from accidentally seeing the password. A malicious user with the right skills and patience would still be able to decrypt it and compromise your system. The best way to protect against this is to lock down your config.xml and your filesystem.

cheers,

Tim

Reply
1 vote
Sergey Svishchev
Sergey Svishchev
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 16, 2013

That's not possible out of the box and Atlassian "Won't Fix" it -- https://jira.atlassian.com/browse/CRUC-1415

Reply
0 votes
tzigone
tzigone January 22, 2013

Hi,

the customer has different products and each development group should access only to their source code, not others. They shouldn't see irrelevant codebase. Even if SVN account is read only, if someone sees that file, s/he can access entire code base. I wonder how other companies resolve this situation.

Reply

Suggest an answer

Log in or Sign up to answer
Fisheye
Fisheye/Crucible
TAGS
AUG Leaders

Atlassian Community Events

    See all events