Re: Proposal: have client CVS send remote username to server CVS

[Noel L Yap]

[EMAIL PROTECTED] on 2000.07.17 17:29:20
>>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:
>
>NLY> This is one of the reasons why I decided to hack CVS instead of
>NLY> SSH.  I figured a security hole in a product not meant to be
>NLY> secure was better than one in a product that was meant to be
>NLY> secure (even though the insecurity resides in the fact that the
>NLY> software advertises that it knows something that it can't be sure
>NLY> of).
>
>Especially while there _is_ the way to make sure that advertiser
>really knows what he says he does.

How can an SSH server know that the SSH client hasn't been compromised and is
sending a spoofed username?

Noel



This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.