[ On Friday, January 25, 2002 at 11:30:27 (-0800), Paul Sander wrote: ]
> Subject: Re: ANN: cvssh - secure ext-to-pserver bridge
>
> CVS' pserver mode implements its own security. It's up to the CVS
> developers and the pserver mode users to decide if the security is
> good enough.
And there's where your fatal flaw lies. CVS cannot, by design *and*
implementation, possibly securely implement any even reasonable level of
authentication and authorisation service. Period. CVS pserver
is good enough only for totally anonymous (and presumably read-only)
access, and _NOTHING_ more.
CVS pserver _MUST_ die. It should never ever have been publically
released. It is flawed by design. A secure implementation is
impossible.
--
Greg A. Woods
+1 416 218-0098; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; VE3TCP; Secrets of the Weird <[EMAIL PROTECTED]>
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
