[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVS security
|
From: |
Tracy Brown |
|
Subject: |
RE: CVS security |
|
Date: |
Wed, 16 May 2001 10:59:45 -0700 |
This is a matter of perspective. To a security administrator you are passing
through the firewall on what is probably an unauthorized port and the *code*
that you are downloading may contain viruses, worms, etc. I of course do not
feel this way and chances are your administrator doesn't understand *why*
people like us *need* to use CVS. I'm sure there are ways around this - and
depending on how your company's firewall is configured - you can just go
ahead and use the client. You might get caught and slapped on the hand.
Alternatively you could pose a business case to your management showing that
you require access to this remote repository and offer to sign a
nondisclosure statement or whatnot with regard to uploading proprietary
company data and maybe draft a little policy stating that on all *updates*
you will run some sort of virus detection program... Some of this may not
apply, but it's just an idea.
I am not aware of a CVS client posing an active risk in a security framework
such that an outsider could gain some level of access. The client does not
accept incoming connections...
Tracy.
> -----Original Message-----
> From: James Melton [mailto:address@hidden
> Sent: Wednesday, May 16, 2001 9:43 AM
> To: address@hidden
> Subject: CVS security
>
>
> I am trying to get my Unix sysadmin allow me to run a CVS client which
> will connect with a remote CVS server (not our server) via an
> anonymous
> id. He has shared his concern with our management that CVS
> remote access
> poses a significant risk to us. I think his fears are ungrounded, and
> that all the associated risk falls only on the server side.
>
> Are there any reviews of security risk associated with using a CVS
> client? Can there possibly be any risk to us?
>
> Any ideas are appreciated,
> Jim.
>
> ____________________________________________________________
> James Melton CyLogix
> 609.750.5190 609.750.5100
> address@hidden www.cylogix.com
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
>
- CVS security, James Melton, 2001/05/16
- RE: CVS security,
Tracy Brown <=