[EMAIL PROTECTED] on 05/15/2000 01:44:08 PM
>C'mon, Noel, you work for a bank! Surely you know this stuff!!!!
Fortunately for the bank, I don't work at this level. I am anxious to learn,
though, so if you have any book or URL recommendations, I'd appreciate a list.
>Or, perhaps better: I by no means have audited the security of CVS.
I think the manual states that CVS isn't secure nor is it meant to be secure --
use something else.
>security to know that that is not a valid line of reasoning. It may be
possible
>to properly secure CVS pserver across SSH; I'd feel a lot more confidence
>if somebody listed the necessary steps, and if that list included the dozen
>or so steps that I know a priori must be done.
I, too, would like such a list.
I see (some of) the requirements as the following:
1. Allow CVS to work without a login account on the server.
2. Have CVS be able to log who did what.
I'm thinking of using a third party product to perform the authentication and
using a CVS patch that'll allow the operations (eg commit) to be logged as the
authenticated user. Does anyone know of an open source product that'll perform
authentication?
Noel
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
