[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cvs-dev] Re: cvs-passwd patch
From: |
Mark D. Baushke |
Subject: |
Re: [Cvs-dev] Re: cvs-passwd patch |
Date: |
Mon, 25 Sep 2006 10:53:10 -0700 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Folks,
A few questions on security...
1) How does a CVS aministrator disable users changing passwords if
that is their local policy?
2) How does a CVS administrator ensure that the 'anonymous' login (if
any) does not have the password changed by a malicious user? This
same question may apply to other administrative accounts such as is
used by the wandisco folks.
3) How does a CVS administrator detect if someone is using a
dictionary attack against :pserver: and what records, if any, are
to be kept that a particular user did change their password?
I think the CVSNT folks would likely have some input on this situation
as they have had a method in place for changing a password for a long
time. Tony? Have you any wisdom for us?
I suspect that #1 will need to be addressed by Prasad's additions at
some point.
Thanks,
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)
iD8DBQFFGBeFCg7APGsDnFERAsFHAJ9G1FTULpHweA50585vZnFYCHOFfwCfasPt
kpt77RXx0ecSlwwPm/Oj1fs=
=tyKN
-----END PGP SIGNATURE-----
- [Cvs-dev] Re: cvs-passwd patch, about sanity.sh, Derek R. Price, 2006/09/12
- Message not available
- [Cvs-dev] Re: cvs-passwd patch, about sanity.sh, Derek R. Price, 2006/09/14
- Message not available
- [Cvs-dev] Re: cvs-passwd patch, Mark D. Baushke, 2006/09/22
- Message not available
- [Cvs-dev] Re: cvs-passwd patch, Mark D. Baushke, 2006/09/25
- Message not available
- [Cvs-dev] Re: cvs-passwd patch, Mark D. Baushke, 2006/09/25
- Message not available
- [Cvs-dev] Re: cvs-passwd patch, Mark D. Baushke, 2006/09/25
- Re: [Cvs-dev] Re: cvs-passwd patch,
Mark D. Baushke <=
- Re: [Cvs-dev] Re: cvs-passwd patch, Tony Hoyle, 2006/09/25
- Message not available
- [Cvs-dev] Re: cvs-passwd patch, Mark D. Baushke, 2006/09/26
- Message not available
- [Cvs-dev] Re: cvs-passwd patch, hash.c doubt, Mark D. Baushke, 2006/09/28
- Message not available
- [Cvs-dev] Re: cvs-passwd patch, hash.c doubt, Mark D. Baushke, 2006/09/28
- [Cvs-dev] Re: cvs-passwd patch, hash.c doubt, Derek R. Price, 2006/09/28
- [Cvs-dev] Re: cvs-passwd patch, hash.c doubt, Derek R. Price, 2006/09/28