[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Linux security issues as they pertain to CVS
|
From: |
Derek R. Price |
|
Subject: |
Re: Linux security issues as they pertain to CVS |
|
Date: |
Fri, 01 Jun 2001 14:02:22 -0400 |
"Greg A. Woods" wrote:
> The problem is that I see it as if you're trying to say that CVS Pserver
> plus SSL equals secure. It most certainly does not. You have no
> provable authentication and thus no provable accountability.
Not on the server side, but it prevents sniffing. Server certificate checking
can
prove to the client that it got the correct server and this can prevent the
user from
sending her password to an imposter.
Derek
--
Derek Price CVS Solutions Architect ( http://CVSHome.org )
mailto:address@hidden CollabNet ( http://collab.net )
--
"My father often told me,
We have servants and machines
in order that our will may be carried out
beyond the reach of our own arms.
Machines are more powerful than servants
and more obedient and less rebellious,
but machines have no judgement
and will not remonstrate with us
when our will is foolish,
and will not disobey us
when our will is evil.
In times and places where people despise the gods,
those most in need of servants have machines,
or choose servants who will behave like machines.
I believe this will continue
until the gods stop laughing."
-Orson Scott Card, "Children of the Mind"
- Re: Linux security issues as they pertain to CVS,
Derek R. Price <=