I think that feature/convenience/tool support-wise pserver is far superior.
The only real downside is that someone with a packet sniffer could fairly
easily sniff your your username and password.
That is fairly easy to solve, just encrypt the link with your favorite SSL
Bridge software or SSH port forwarding.
Here is how we're setup (your paranoia/security concerns may vary):
-Firewall with just the encrypted CVS port open.
-CVS machine running pserver and some SSL Bridge software (forwards to the
real CVS port on the same machine behind the firewall).
-Three non-login cvs accounts corresponding to "access levels" (we don't
give everyone write access to the files in CVSROOT for example and we have
some per project security).
-CVSROOT/password file mapping CVS usernames and password to to the cvs
accounts based on the priveleges we want them to have.
-wrappers files logging activity and enforcing comment formats (we've got
some software that gateways CVS into our support system, so it needs to be
in a certain format).
-Developers have their own copy of the SSL bridge that answers on port 2401
and forwards to the encrypted port on the CVS server
*boom* Safe and secure.
Brian Huddleston
Huddleston Consulting
----- Original Message -----
From: "Nosediver" <[EMAIL PROTECTED]>
To: "cvs" <[EMAIL PROTECTED]>
Sent: Monday, May 15, 2000 2:10 AM
Subject: [New CVS user] Best config?
>
> Hi.
>
> I am absolutely new to setting up CVS. I have used it once though... Linux
> platform.
>
> I need your recommendation as to what type of set up is best. Any why.
>
> Here is my scenario:
> --------------------
>
> Currently, for one project, 6 developers. Firewalled machine.
>
> | |
> <CVS server> | <firewall> | <world>
> | |
>
>
> No one can telnet into my machine from networks that the firewall does not
> approve of. Specifically, from dynamic addresses.
>
> I realised that the sys admins managing the firewall have not closed the
> ssh port, though. So that means, that is the only way my developers can
> reach the CVS server from outside the organisation.
>
> The number of projects and developers are very likely to explode and the
> projects are likely to be highly complicated in teh future. Security is a
> big concern. A couple of the developers have script-kid friends, for
> instance. ;)
>
> So what is your recommendation?
>
> I have RTFMed and thought that pserver would be a fair choice; but
> security issues worry me. Would the experienced experts be so kind as to
> give their opinions? :))
>
> Thanks a lot.
>
> Cheers!
> --Su.
>
****************************************************************************
**
> Sujatha Natraj Computer Engineering, NUS, Singapore.
> SMTP [EMAIL PROTECTED]
> HTTP http://www.comp.nus.edu.sg/~sujathan [UPDATED!]
>
****************************************************************************
**
>
>
>
>
>
