-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Claus Henriksen <[EMAIL PROTECTED]> writes:
> Well, what then if you tunnel pserver like explained in > http://wwwhome.cs.utwente.nl/~klaren/index.html?left.html&cvs-stunnel.html ? > Has somone experience with that? > I got it up working alright, but I have got no true long-time experience. The link does show you how to send your passwords and data to/from the server more securely which would reduce the possibility of someone snooping your password out of the tcp connection itself or of getting ahold of your files without needing to go to a bit more trouble. However, under the :pserver: method, the password is kept trivially encoded both on your desktop (in $HOME/.cvspass) and on the server (in CVSROOT/passwd). Also, the cvs application will still be running as 'root' for a short time to listen to new connecitons before switching to the appropriate user doing the commit. I am not willing to make any claims that cvs is 'secure' from a local root exploit. There have been such in the past and could be more in the future as cvs was not designed originally with much security in mind. It all comes down to what kind of security is good enough to mitigate the risks to your source base. Everyone needs to make their own risk assessment when choosing the source control system they are going to use and how they are going to configure it will also impact how secure the data being kept really is. Good luck, -- Mark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQFACBqd3x41pRYZE/gRAmHTAKDgqv1DyyEd68hMKdpzIj6Na1kB5ACgtkQe IWgxxVnc5CpTT3BCrfeOHok= =75BB -----END PGP SIGNATURE----- _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
