[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS access control

From: Greg A. Woods
Subject: Re: CVS access control
Date: Wed, 26 Sep 2001 21:22:19 -0400 (EDT)

[ On Thursday, September 27, 2001 at 03:04:22 (+0400), Tobias Brox wrote: ]
> Subject: Re: CVS access control
> I'd say it would even be better off without password authentication at all
> (and use pserver only where public access is wanted).

Me too!   :-)  [[ PLEASE!!!! ]]

> Sorry for beeing unclear.  pserver and ssh does the authentication (who are
> you?).  When I say "access control", I'm thinking of authorization (who
> should be able to do what).  I do think that authentication is out of the
> scope of CVS (ok, pserver _is_ already a part of CVS ... but anyway ...). 

CVS is not a security tool -- it simply manages a bunch of files.  You
do not want to even think about trying to make CVS into a security tool
-- that would be bad design and any implementation would inevitably be
doomed to ultimate failure since it could not, by definition, meet the
design goals.

I.e. CVS has no business doing anything related to access control,
authentication, authorisation, or anything related.

Use your OS to implement security policy and CVS will (have to) honour
your policy -- why make it any more complicated than that, since that's
all that's really necessary.

                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <address@hidden>     <address@hidden>
Planix, Inc. <address@hidden>;   Secrets of the Weird <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]