info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ANN: cvssh - secure ext-to-pserver bridge


From: Greg A. Woods
Subject: Re: ANN: cvssh - secure ext-to-pserver bridge
Date: Fri, 25 Jan 2002 15:47:23 -0500 (EST)

[ On Friday, January 25, 2002 at 11:30:27 (-0800), Paul Sander wrote: ]
> Subject: Re: ANN: cvssh - secure ext-to-pserver bridge
>
> CVS' pserver mode implements its own security.  It's up to the CVS
> developers and the pserver mode users to decide if the security is
> good enough.

And there's where your fatal flaw lies.  CVS cannot, by design *and*
implementation, possibly securely implement any even reasonable level of
authentication and authorisation service.  Period.  CVS pserver
is good enough only for totally anonymous (and presumably read-only)
access, and _NOTHING_ more.

CVS pserver _MUST_ die.  It should never ever have been publically
released.  It is flawed by design.  A secure implementation is
impossible.

-- 
                                                                Greg A. Woods

+1 416 218-0098;  <address@hidden>;  <address@hidden>;  <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]