On Fri, 26 Sep 2003 02:57 am, Rob Helmer wrote: > 1) permanently delete files under CVS control > 2) run arbitrary commands (including commands they upload)
> 1 is bad enough, but 2 could allow them (or someone with access to their > account) to use the server for any manner of attack on other servers > either inside or outside of your organization. An important 3, if you work for a large organisation or Bank, the an Audit requirement includes that the user must not be able to access the repository files because they could edit the file history (ie do dodgy things) Regards, Jacob _______________________ http://rhoden.id.au/ _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
