Re: Proposal: have client CVS send remote username to server CVS

[Noel L Yap]

How do you guarantee that CVSUSER is set properly (ie can't be spoofed)?

Noel

PS
I chose REMOTE_USER 'cos that's what Encommerce sets.  I haven't figured a way
to spoof
Encommerce's REMOTE_USER setting, but, then again, I'm not an expert hacker.




[EMAIL PROTECTED] on 2000.07.19 16:15:51

To:   [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:  Re: Proposal: have client CVS send remote username to server CVS




>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:

NLY> Yes, exactly.  This is what happens now with pserver.  Ideally,
NLY> CVS should use an environment variable REMOTE_USER that's set by
NLY> authentication software (eg SSH).  But since I don't want to risk
NLY> breaking SSH, I don't want to make the change in it.

By the way, cvs from cvs-nserver uses env var CVSUSER as the only way
to determine the remote user name.

Note the choice of name.

--alexm





This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.