fisheye - subversion security

tzigone December 11, 2012

Hi,

How and where does Fisheye keep Subversion user name and password? It is not preferred that one user logs in to Subversion and access code base in case user name and password are revealed.

How does Fisheye deal with security issues in general?

Thanks,

2 answers

1 accepted

0 votes
Answer accepted
Felipe Kraemer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 20, 2012

Hi Burcu,

FishEye stores repository configuration information, such as username and password, in <FishEye_Home_Directory>/config.xml. This is a sample SVN configuration found in config.xml:

<repository name="SVN" description="This is a sample SVN repo" store-diff="true" enabled="true">
   <svn url="file:///C:/Repositories/SVN" path="" follow-base="false" initial-import="none">
      <symbolic auto-rules="true"/>
      <auth username="the_repo_user_name" password="the_repo_user_pwd"/>
   </svn>
   <linker/>
   <security use-defaults="true" allow-anon="false" allow-logged-in="false" allow-anon-write="false" allow-logged-in-write="false">
      <required-groups/>
	  <required-write-groups/>
   </security>
</repository>

Cheers,
Felipe Kraemer

0 votes
Mohant December 24, 2012

Are there any way to get repository user from crowd or store password as encrypted?

tzigone December 24, 2012

Hi,

Our goal is to make this file super secure. Even if someone reaches the machine that this file is kept in, s/he won't be able to read the user name/password.

We are intending to use Crowd in near future. Can Crowd be a solution for this, in general what are our options to hide user name and password information ?

Thanks,

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events