info-cvs

RE: Security, audits and pserver


From: Greg A. Woods
Subject: RE: Security, audits and pserver
Date: Mon, 16 Dec 2002 16:09:11 -0500 (EST)

[ On Monday, December 16, 2002 at 17:16:41 (+0100), Walter, Jan wrote: ]
> Subject: RE: Security, audits and pserver
>
> That's why you would tunnel it over ssh or something like that, with limited
> key access. People you trust get the key, and their key gets kept on the
> server. Definitely, a wide-open pserver connection is just an invitation to
> get cracked.

No, that's why you'd use SSH plain and simple with real, proper, unique
system accounts for every real person, and never use CVSpserver, not
even tunneled, because even with the tunnel you end up having no
possibility of achieving even minimal accountability -- any CVSpserver
user can trivially spoof any other at several levels.  CVS is _NOT_ a
security application, nor is it a multi-user operating system kernel.

-- 
                                                                Greg A. Woods

+1 416 218-0098;            <address@hidden>;           <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>


