[ On Monday, September 10, 2001 at 14:22:25 (-0700), Josh Baudhuin wrote: ]
> Subject: RE: Remote cvs and security
>
> Well, pserver + CVSROOT/passwd is one thing, but using pserver with the
> default authentication of the system isn't so bad. Passwords are stored
> in the same way that /etc/passwd encrypts them.
I suppose that's fine if you've got a 100% private and 100% trusted
(Virtual) Private Network, and you 100% trust all the clients on that
network, and provided that you don't need any real security.
CVS pserver with CVSROOT/passwd is a security nightmare otherwise. It
realy has no valid justification to exist at all and should be
eliminated because even on a 100% trusted VPN the alternatives are
still infinitely better from a security perspective (there's absolutely
no accountability with pserver).
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
