We have been using ReviewBoard with our Subversion repos using svn+ssh:// 
access, and while functional, it’s been a little slow.  Performance with 
https:// access to our Subversion servers is noticeably faster, but when I 
configure the Repository in ReviewBoard and specify the username and password 
to use, I noticed that the password is stored in plain text in the database.  
The database itself is not easily accessible by users, but the nightly database 
dumps could be read by others, so I am concerned about a possible exposure of 
automated build user account password.

We are still using ReviewBoard 1.7.27 as it is hosted on a CentOS 6 server, so 
upgrading to 2.X is not trivial.  Is it common practice for ReviewBoard users 
to store repository passwords in the database in plain text?


Supercharge your Review Board with Power Pack: 
Want us to host Review Board for you? Check out RBCommons: 
Happy user? Let us know! https://www.reviewboard.org/users/
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to