[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Mark D. Baushke
Tue, 26 Oct 2004 09:06:56 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Gleidson Sá Barreto <address@hidden> writes:
> I dont undestand why many people use Pserver if
> ext-ssh is more secury.
Either do I.
> What is advantages of the Pserver?
I have to assume it is mostly over worked administrators. They can
enable it without needing to setup host accounts for all of their cvs
However, they now need to do separate password management and they still
need to maintain unique userids for the cvs commits (well, the feature
branch allows them to use PAM-based authentication if they want to, but
why would a security-minded administrator want yet another application
that could cause an attach against passwords on the system?)
They also need to worry that some future exploit of cvs will be a root
exploit as the cvs pserver stuff starts life out of the inetd
configuration as a 'root' user.
The only benefit I can see for :pserver: is that it is simpler to grant
anonymous read-only access to a repository. It is still possible to do
given :ext:, but requires a bit more work by an administrator in this
I would be completely in favor of removing :pserver: support from cvs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
-----END PGP SIGNATURE-----
- autentication, Gleidson Sá Barreto, 2004/10/26
- Re: autentication,
Mark D. Baushke <=