Re: [Fwd: Socks support in CVS]

bug-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: Socks support in CVS]

From:	Mark D. Baushke
Subject:	Re: [Fwd: Socks support in CVS]
Date:	Mon, 16 Jun 2003 09:43:03 -0700

Hi Folks,

It has been a long time since I played with SOCKS myself, but I was
under the impression that folks were moving to SOCKS V5 rather than
the weaker (from a security point of view) SOCKS V4 implementation(s).

SOCKS V4 does not support authentication while SOCKS V5 supposedly
supports a variety of authentication methods.

There appear to be multiple implementatons of SOCKS V4/V5 out there.
ftp://ftp.nec.com/pub/socks (SOCKS V4)
http://www.socks.nec.com/ (NEC's SOCKS V5)

The SOCKS V4 protocol does not have an official RFC. There are two
documents describing Version 4:

    * http://www.socks.nec.com/socks4.protocol (SOCKS V4 protocol)

    * http://www.socks.nec.com/socks4a.protocol (extension to SOCKS V4
      protocol)

The SOCKS V5 protocol has three related RFCs:

    * RFC1928 - Describes SOCKS Version 5 protocol, also known as
      Authenticated Firewall Traversal (AFT).

    * RFC1929 - Describes Username/Password authentication for SOCKS V5.

    * RFC1961 - Describes GSS-API authentication for SOCKS V5

My question would be why adding a non-standard protocol (SOCKS V4) to
CVS is the right thing to do -- instead of it being a standards-based
(SOCKS V5) protocol?

All that said, I would much rather see folks using external programs
like ssh as those folks that really do understand security and firewalls
rather than try to accret on older security models into cvs ascvs itself
is not a very secure framework.

        Thanks,
        -- Mark

Derek Robert Price <derek@ximbiot.com> writes:

>   Anyone else have an opinion on or want to handle this?  I haven't
> dealt with SOCKS in 6 years and my knowledge was pretty peripheral
> back then.
> 
> -------- Original Message --------
> From: - Fri Jun 13 18:35:05 2003
> Date: Fri, 13 Jun 2003 15:27:25 -0700
> From: Nicolas Catania <nicolas.catania@hp.com>
> Subject: Socks support in CVS
> To: dprice@cvshome.org
> Message-id: <16106.20429.43696.734871@necromancer.cup.hp.com>
> 
> Derek,
> 
> I have modified the stable version of CVS to make use of socks v4
> proxy. This way cvs can be used on windows to checkout cvs
> repositories outside a firewall.
> 
> The change is fairly small (Makefile.am, configure.in, client.c,
> socks.c (new file)) and controlled via a new configuration option:
> --enable-socks. I would like to know if you would be interested in
> incorporating these in the unstable code tree.
> 
> Cheers
> 
> Niko
> 
> -- 
> Nicolas Catania
> 
> Web Services Management Operation
> HP Openview Division
> +1 408 447-4564
> nicolas_catania@hp.com

[Prev in Thread]

Current Thread

[Next in Thread]

[Fwd: Socks support in CVS], Derek Robert Price, 2003/06/16
- Re: [Fwd: Socks support in CVS], Mark D. Baushke <=
  - Re: [Fwd: Socks support in CVS], Nicolas Catania, 2003/06/16
    - Re: [Fwd: Socks support in CVS], Mark D. Baushke, 2003/06/16
    - Re: [Fwd: Socks support in CVS], Larry Jones, 2003/06/16
    - Re: [Fwd: Socks support in CVS], Mark D. Baushke, 2003/06/16
    - Re: [Fwd: Socks support in CVS], Nicolas Catania, 2003/06/16
- Re: [Fwd: Socks support in CVS], Larry Jones, 2003/06/16
  - Re: [Fwd: Socks support in CVS], Derek Robert Price, 2003/06/16
  - Re: [Fwd: Socks support in CVS], Nicolas Catania, 2003/06/16
    - Re: [Fwd: Socks support in CVS], Derek Robert Price, 2003/06/16
    - Re: [Fwd: Socks support in CVS], Derek Robert Price, 2003/06/16

Prev by Date: Re: import inconsistency
Next by Date: Re: [Fwd: Socks support in CVS]
Previous by thread: [Fwd: Socks support in CVS]
Next by thread: Re: [Fwd: Socks support in CVS]
Index(es):
- Date
- Thread