Code Security

Hi,

Is there any way to store SVN user name and password in the Fisheye config file encyrpted or invisible?

Or can it be retrieved from LDAP or CROWD etc?

rong><auth username="the_repo_user_name" password="the_repo_user_pwd"/></strong>

3 answers

1 accepted

0 votes
Answer accepted

Hi Burcu,

I'd recommend configuring your server so that the minimum number of users (i.e. only your trusted System Administrators) have access to the filesystem and make the file readable only to the user that FishEye is running as.

As Partha points out on CRUC-1415, encrypting the password would only really prevent a casual browser from accidentally seeing the password. A malicious user with the right skills and patience would still be able to decrypt it and compromise your system. The best way to protect against this is to lock down your config.xml and your filesystem.

cheers,

Tim

That's not possible out of the box and Atlassian "Won't Fix" it -- https://jira.atlassian.com/browse/CRUC-1415

Hi,

the customer has different products and each development group should access only to their source code, not others. They shouldn't see irrelevant codebase. Even if SVN account is read only, if someone sees that file, s/he can access entire code base. I wonder how other companies resolve this situation.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Thursday in Jira

Updates to jira.atlassian.com give you visibility into what's coming in Jira Server and Data Center

Hello, Community! My name is Gosia and I'm a Product Manager on Jira Server and Data Center here at Atlassian. Since 2002 when we launched our public issue tracker, jira.atlass...

407 views 1 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you