[EMAIL PROTECTED] on 2000.08.10 02:57:51
> 90%: I give a password to someone who turns out to be nasty and
> they try to do something unpleasant to my archive
This can happen with SSH as well.
> 8%: Someone sniffs a CVS password somewhere
>
> 2%: Someone finds a buffer overflow in the code that runs as root
These should be eliminated by using SSH.
>Since I think 90% of my risk comes from authorized users I have taken
>several steps to reduce that risk:
>
> 1) ACL. A lot of people simply can't write to most of the repository.
>
> 2) chroot. Even the people who can aren't able to escape the repository
>
> 3) diffs. If you do change something in the repository, I am watching, and
> I look at all the changes to see who did what. There are other people
> watching too.
>
> 4) lots of redundant backups and copies of my code out there, so that
> i will always be able to revert to something if I have to
Nothing prevents you from doing these when using SSH. In fact, you can now take
better advantage of using file system ACL's.
>Having a chrooted pserver actually eliminates far more risk than a
>non-chrooted ssh solution would.
It's interesting how you compare chroot'ed pserver to non-chroot'ed SSH.
Also, how do you know who did what when users aren't "really" authenticated?
For example, using your numbers, there's a 1 out of 10 chance (fairly high in my
opinion), that someone can pose as someone else. So now what, you revoke
priveleges from the person who was impersonated?
Noel
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
