[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux security issues as they pertain to CVS

From: Derek R. Price
Subject: Re: Linux security issues as they pertain to CVS
Date: Fri, 01 Jun 2001 14:02:22 -0400

"Greg A. Woods" wrote:

> The problem is that I see it as if you're trying to say that CVS Pserver
> plus SSL equals secure.  It most certainly does not.  You have no
> provable authentication and thus no provable accountability.

Not on the server side, but it prevents sniffing.  Server certificate checking 
prove to the client that it got the correct server and this can prevent the 
user from
sending her password to an imposter.


Derek Price                      CVS Solutions Architect ( )
mailto:address@hidden         CollabNet ( )
"My father often told me,
We have servants and machines
in order that our will may be carried out
beyond the reach of our own arms.
Machines are more powerful than servants
and more obedient and less rebellious,
but machines have no judgement
and will not remonstrate with us
when our will is foolish,
and will not disobey us
when our will is evil.
In times and places where people despise the gods,
those most in need of servants have machines,
or choose servants who will behave like machines.
I believe this will continue
until the gods stop laughing."

        -Orson Scott Card, "Children of the Mind"

reply via email to

[Prev in Thread] Current Thread [Next in Thread]