OK, I've decided to make such a patch. I'm not sure how to go about doing it,
though. I can't find where in the code the client can send initial information
(ie remote username) over to the server. Can anyone give me a pointer?
Thanks,
Noel
[EMAIL PROTECTED] on 06/11/2000 09:55:55 AM
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED] (bcc: Noel L Yap)
Subject: Re: Proposal: have client CVS send remote username to server CVS
[EMAIL PROTECTED] on 2000.06.10 19:23:23
>Pserver authentication is completely adequate :) It just runs over the
>insecure channel and has unclean mixage of various subsystems in its
>current, non-nserver form.
No, it's not, it's extremely prone to replay attacks and stolen .cvspass files.
Furthermore, the encryption of the .cvspass file is reversible, meaning that,
given a .cvspass file, /anyone/ can figure out the plaintext password.
More than that, any code dealing with security _must_ be audited to ensure that
it is secure. I don't think that's been done to any of the CVS code; I don't
think it should be necessary.
Besides, nserver doesn't address the concerns of those who want to use
CVS_RSH=ssh.
Noel
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
