[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cvs Repository Password Change

From: Jim Hyslop
Subject: Re: cvs Repository Password Change
Date: Fri, 13 Jan 2006 16:27:49 -0500
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Hash: SHA1

William wrote:
> My CVS repository's admin asked my coworker to telnet into the server
> (i.e. tocvs) and change his password, then login on the machine hosting
> my coworkder's working directory (i.e. mkmxg00).  My coworker was able
> to cvs login to mkmxg00 without a user ID set up on tocvs.

First you say he logged into the server, now you're saying he doesn't
have a login account on the server. Am I correct in assuming that you
mean that, until recently, he didn't have a login account and now he does?

> Question) If my coworker can cvs login to mkmxg00 without a user ID on
> tocvs, what is the point of changing the password on tocvs?

If my assumption above is correct, then it's simple, basic security: the
password on the tocvs machine would be the default one set up by the
administrator. Users should always change their passwords immediately
from the default because (a) someone else knows their password, and (b)
default passwords are frequently derived from the user name, or are
trivial (such as "password" or "abc123") and can therefore be easily
hacked by someone else.

- --
Jim Hyslop
Dreampossible: Better software. Simply.
                 Consulting * Mentoring * Training in
    C/C++ * OOD * SW Development & Practices * Version Management
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird -


reply via email to

[Prev in Thread] Current Thread [Next in Thread]