Hi, David:

David A. Desrosiers wrote:

>>Duh. If you're doing authentication and authorisation on a unix-based
>>file server then you MUST, _M_U_S_T_ use a unique system account for
>>every real-world user or else you might as well not use any
>>authentication whatsoever. Pserver has NO accountability from the
>>system's point of view. None whatsoever. Don't use pserver. Ever.
>>
[...]
>
> Also, giving a user a shell, even chrooted, or blocked from the
> ability to log in, consumes much more process and resources on the box,
> and definitely scales linearly, and is open to much more exploitable
> holes than what pserver provides. The risk of sniffing the password is
> nil using pserver, since obtaining it gives the "cracker" exactly
> nothing. Are they going to commit code on our behalf? Unlikely.
> Delete a tag? We can roll back out. It's all negligible.
>

Not to say you are not offering some sensible insights here, but what you're saying is that your code is not a valuable asset: they can check in, but they can check out too and steal your code (wasn't it said that somebody in Russia did this with Win2000 code?). Well, if you don't mind someone else having access to your code, you could release it as open source, couldn't you?

--
Cheers,
Jesus
*** [EMAIL PROTECTED] ***
From Zaragoza, looking for work - http://www.geocities.com/jesusm_navarro/CV/cv.html
