[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Remote cvs and security
|
From: |
Greg A. Woods |
|
Subject: |
RE: Remote cvs and security |
|
Date: |
Mon, 10 Sep 2001 18:10:53 -0400 (EDT) |
[ On Monday, September 10, 2001 at 14:22:25 (-0700), Josh Baudhuin wrote: ]
> Subject: RE: Remote cvs and security
>
> Well, pserver + CVSROOT/passwd is one thing, but using pserver with the
> default authentication of the system isn't so bad. Passwords are stored
> in the same way that /etc/passwd encrypts them.
I suppose that's fine if you've got a 100% private and 100% trusted
(Virtual) Private Network, and you 100% trust all the clients on that
network, and provided that you don't need any real security.
CVS pserver with CVSROOT/passwd is a security nightmare otherwise. It
realy has no valid justification to exist at all and should be
eliminated because even on a 100% trusted VPN the alternatives are
still infinitely better from a security perspective (there's absolutely
no accountability with pserver).
--
Greg A. Woods
+1 416 218-0098 VE3TCP <address@hidden> <address@hidden>
Planix, Inc. <address@hidden>; Secrets of the Weird <address@hidden>
Re: Remote cvs and security, David Fuller, 2001/09/10