I have cvs running on a shared box at my isp. They don't allow pserver to run and port 2401 is closed to the outside, and besides I am much more comfortable with the security of SSH. So I set up acce
I have cvs running on a shared box at my isp. They don't allow pserver to run and port 2401 is closed to the outside, and besides I am much more comfortable with the security of SSH. So I set up acce
Before you consider that, you should read: http://www.cvshome.org/docs/manual/cvs-1.11.14/cvs_2.html#SEC32 2.9.3.3 Security considerations with password authentication The passwords are stored on the
[ On Tuesday, March 23, 2004 at 12:12:37 (-0800), Conrad T. Pino wrote: ] What more could you expect? Any kind of _real_ security increases the administration effort necessary on any server. Setting
Hmm, pserver has nice features and is great with a read-only server but is a problem with read/write servers because user id & password exchange is very insecure. Especially nice is user control wit
Le 04-03-18, à 18:33, Eric Gorr <address@hidden> a écrit : I've got a MacOSX (Panther) Server machine on a network and would like to use it for a CVS Repository. Now, in the various documentation I
[ On Wednesday, February 18, 2004 at 11:25:56 (-0500), Patton, Matthew E., CTR, OSD-PA&E wrote: ] You're confusing your "levels"(?) of trust, without any apparent regard for the threat models involve
Classification: UNCLASSIFIED I agree 100% with Jim Hyslop's POV. Like ANYBODY who looks at the CVS code can trust it! So it's not as bad as qmail and other hideous projects out there but the code-bas
[ On Wednesday, January 21, 2004 at 13:12:05 (-0800), WJCarpenter wrote: ] Note first off that this discussion is as old as the hills. I should hope you can learn nothing new here that you couldn't l
So, since it's unreliable to read between the lines to try to figure out what you're saying, is it that there are bugs in the canonical CVS *implementation* that lead to these problems? Is it by exp
However, setting up pserver is easier than setting up ssh. Setting up ssh requires reading more instructions, which are not necessarily as accessible. I set up remote users on a VPN with pserver onc
[ On Tuesday, January 20, 2004 at 15:13:08 (-0600), address@hidden wrote: ] Indeed it is! ;-) Well, in fact pserver _precludes_ any possiblity of accountability by its very design and implementation.
[ On Tuesday, January 20, 2004 at 14:02:19 (-0600), johnny fulcrum wrote: ] Of course. CVS is not a security application, was not designed as a security application, and despite recent hackish patche
[ On Tuesday, January 20, 2004 at 10:58:32 (-0500), Mike Echlin wrote: ] Well, yes, though it depends on your threat models and exactly what you're doing and how you're doing it. In any case the bigg
You should be making this choice (pserver or not) based on what security you want/need. Realistically this is going to be somewhere between perfection and better_than_I_had_already. Lets face it if y
That kind of secured network is becoming more and more rare, though. Even if you could trust all your users with the root password, these days most corporate networks are connected to the Big Bad Int
Please forgive me if I am mistaken, and in any case I certainly don't want to start a flame war, but am I right in thinking that Greg's opinion does not reflect the majority view? I can't speak for t
Tirsdag den 20. januar 2004 09:33 skrev Greg A. Woods: [ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ] have unix command line users use :pserver: That's really Really REALLY _B_A_D_
Well, it can be summed up thusly: - pserver has a number of _possible_ security issues - pserver, by design, was not to be "secure", but to allow access over a network (you can form your own opinion
Please forgive me if I am mistaken, and in any case I certainly don't want to start a flame war, but am I right in thinking that Greg's opinion does not reflect the majority view?