https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292007-03-09T12:11:00ZRedmineRedmine - Feature #281: Password-protected SVN repositories...https://www.redmine.org/issues/281?journal_id=6202007-03-09T12:11:00ZJean-Philippe Langjp_lang@yahoo.fr
<ul></ul><p>The feature has just been committed in the repository.<br />Two properties were added to the repository: login and password.</p>
<p>Regards</p> Redmine - Feature #281: Password-protected SVN repositories...https://www.redmine.org/issues/281?journal_id=6192007-03-09T12:44:00ZChris Grant
<ul></ul><p>I've updated to the newest build, migrated the database and attempted<br />to use<br />this new feature. First, I added the login and password to the<br />already-<br />existing repository URL for the project but it did not update.<br />I disabled the<br />repository for the project which deleted it from the database.<br />After the entry<br />was removed from the database, I attempted to enable the repository,<br />providing a URL, login and password, but it threw an exception:</p>
<p>NoMethodError in ProjectsController#edit<br />undefined method `password=' for #<Repository:0x312ce58></p>
<p>#{RAILS_ROOT}/app/controllers/projects_controller.rb:113:in<br />`edit'</p>
<p>Parameters: {"commit"=>"Save",<br />"repository"=>{"url"=>"http://<br />svn.domain.com/project",<br />"password"=>"somepass",<br />"login"=>"username"},<br />"project"=>{"name"=>"My Project",<br />"description"=>"Cool Project",<br />"homepage"=>"http://www.myproject.com/",<br />"is_public"=>"0"},<br />"id"=>"1",<br />"repository_enabled"=>"1"}</p>
<p>I hope you can make sense of this ... I see that you have the<br />idea of a<br />repository implemented in a few places and I'm sure you can nail<br />down this<br />problem faster than I can make sense of it all. ;)</p>
<p>Thanks for adding this functionality so quickly!</p> Redmine - Feature #281: Password-protected SVN repositories...https://www.redmine.org/issues/281?journal_id=6182007-03-09T13:06:00ZChris Grant
<ul></ul><p>Ok, I deleted the whole project and created a new one ... this<br />time, when adding<br />the SVN details (including login and password), the SVN credentials<br />were stored<br />and allow me to access SVN repository and details.</p>
<p>So, the problem seems to be limited to updating a current project<br />rather than<br />creating a new one.</p> Redmine - Feature #281: Password-protected SVN repositories...https://www.redmine.org/issues/281?journal_id=6172007-03-09T14:00:00ZJean-Philippe Langjp_lang@yahoo.fr
<ul></ul><p>I've updated a few projects and didn't have any problem.</p>
<p>I can't see why you got an undefined method `password='<br />for #<Repository:0x312ce58> error if the password field<br />was added in the database and your app was properly restarted,<br />since this method is automatically defined by AR.</p>
<p>Let me know if you experience this problem again.</p>
<p>Thanks.</p> Redmine - Feature #281: Password-protected SVN repositories...https://www.redmine.org/issues/281?journal_id=6162007-03-09T15:17:00ZChris Grant
<ul></ul><p>Yeah, after looking through the code, this matter is entirely<br />driven by AR. I was<br />sure to shutdown, update/migrate, clear session information and<br />then restart. I<br />don't know why it bombed but it's working now. Again, I appreciate<br />the quick<br />feature addition.</p> Redmine - Feature #281: Password-protected SVN repositories...https://www.redmine.org/issues/281?journal_id=6152007-03-09T17:20:00ZChris Grant
<ul></ul><p>One last request on this issue...</p>
<p>In the name of security, I'm going to look into how we can<br />store the password within the database differently. I<br />notice that the password is stored in clear-text within the<br />database. This is necessary because redMine needs to pass<br />it on to the repository.</p>
<p>First of all, even simply-encrypted would fair better than<br />leaving the password in clear-text. I'll look around to see<br />how other organizations are implementing encryption on<br />values that they'll need to know (not just simple hashing).</p>
<p>Also, another approach would be to have the SVN repository<br />password only stored for as long as needed (i.e. within the<br />session). This, too, would be encrypted and only asked for<br />once within a session. Personally, I feel that this is the<br />most secure way of handling this ... at least for my own<br />paranoid needs.</p>
<p>If anyone has any suggestions as to how they'd implement<br />this stuff, start up a forum post and we'll collaborate.</p>
<p>-Chris</p> Redmine - Feature #281: Password-protected SVN repositories...https://www.redmine.org/issues/281?journal_id=6142007-03-14T10:43:00ZJean-Philippe Langjp_lang@yahoo.fr
<ul></ul><p>I close this feature since it has been implemented.<br />If you have specific needs concerning password storage security,<br />you can open a new request.</p>