[EMAIL PROTECTED] on 2000.07.21 14:12:54
>> 1. You wouldn't allow many-to-one user mappings at all.
>
>As I understand it, many to one mappings in CVS already keep track (in log
>messages, etc.) of the original user that logged in.  My system may remain
>vulnerable to many kinds of attacks, but I have more information available in
>logs which I can poke through when trying to figure out exactly what happened.

Not when using CVS_RSH.  This is exactly what this proposal is about.


>> 2. You shouldn't be using CVS since you don't trust your developers.
>
>It has nothing to do with not trusting developers.  It has to do with
>minimizing damages if something does go wrong.  I'm not running any high
>security projects, but I'm fairly certain that even the people I trust
>implicitly can occasionally leave their password written down in the wrong
>place.

And do you also make sure that their .cvspass files can't be read (either off
the filesystem or the network traffic)?

Noel


