info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running multiple CVS instances


From: Greg A. Woods
Subject: Re: Running multiple CVS instances
Date: Fri, 13 Aug 2004 15:53:59 -0400 (EDT)

[ On , August 10, 2004 at 07:56:24 (-0700), mat bike wrote: ]
> Subject: Running multiple CVS instances
>
> We have a colleague working on another company that has tight firewall
> that only allows few ports open.  Unfortunately, CVS port is not one
> of them (and they don't want to allow it).

Good for them!


> We figured that we can bind another instance of CVS pserver to a port
> they permit traffice on and change our colleague's script to use this
> alternate port.

If I was the firewall/security admin at the other company I'd also snap
that port closed before you could blink (and I'm guessing it might
already be closed :-).


> Question is, how safe is this?? Will this cause any harm to our
> repository?  Any thoughts? Suggestions?

As Mark has already hinted in his earlier reply to this thread, trying
to bypass the other company's firewall isn't safe at all from a security
perspective, nor is it a good idea in terms of your professional
relationships.

By suggesting this you are encouraging your colleague to exploit a
covert channel through his company's firewall.  Depending on his
company's security policies he could very well be fired for making use
of the alternate port, assuming it isn't already blocked.

As Mark also said, you really must help your colleague work with the
security folks in the other company to understand why he needs access to
your server and work together to get a secure connection to your CVS
server.

You should also really carefully reconsider your use of an insecure
protocol such as CVSpserver on a public network.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <address@hidden>
Planix, Inc. <address@hidden>          Secrets of the Weird <address@hidden>




reply via email to

[Prev in Thread] Current Thread [Next in Thread]