[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cvs Repository Password Change
|
From: |
Jim Hyslop |
|
Subject: |
Re: cvs Repository Password Change |
|
Date: |
Fri, 13 Jan 2006 16:27:49 -0500 |
|
User-agent: |
Mozilla Thunderbird 1.0.6 (Windows/20050716) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
William wrote:
> My CVS repository's admin asked my coworker to telnet into the server
> (i.e. tocvs) and change his password, then login on the machine hosting
> my coworkder's working directory (i.e. mkmxg00). My coworker was able
> to cvs login to mkmxg00 without a user ID set up on tocvs.
First you say he logged into the server, now you're saying he doesn't
have a login account on the server. Am I correct in assuming that you
mean that, until recently, he didn't have a login account and now he does?
>
> Question) If my coworker can cvs login to mkmxg00 without a user ID on
> tocvs, what is the point of changing the password on tocvs?
If my assumption above is correct, then it's simple, basic security: the
password on the tocvs machine would be the default one set up by the
administrator. Users should always change their passwords immediately
from the default because (a) someone else knows their password, and (b)
default passwords are frequently derived from the user name, or are
trivial (such as "password" or "abc123") and can therefore be easily
hacked by someone else.
- --
Jim Hyslop
Dreampossible: Better software. Simply. http://www.dreampossible.ca
Consulting * Mentoring * Training in
C/C++ * OOD * SW Development & Practices * Version Management
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDyBtVLdDyDwyJw+MRAmtEAKDMcybTcmnuzpLKmNniS5NcH9w9sQCeKInH
m3K1TvIyt1Cmg4BUJfoZ7A4=
=4QOi
-----END PGP SIGNATURE-----