info-cvs

RE: what's to stop a developer from nuking the repository?


From: Walter, Jan
Subject: RE: what's to stop a developer from nuking the repository?
Date: Tue, 20 Jan 2004 10:57:15 +0100

Well, it can be summed up thusly:

- pserver has a number of _possible_ security issues
- pserver, by design, was not to be "secure", but to allow access over a
network (you can form your own opinion on what that subtle difference might
be)

This all being said, as soon as you store your passwords in a .cvspass in
your home directory and stuff like this your "security" is out the window.

Finally, this also depends on your definition of the word "security": CVS as
a system was designed to be used in (relatively) trusted environments, i.e.
the developers are your employees and you can do nasty things like fire them
if they hose your repository because they were not being careful. CVS is
secure enough, IMHO, when used with pserver, to protect the developers from
themselves, so they won't accidentally nuke the repository. But if someone
really wants to mess it up, they can.

So, had the original question been "what's to stop a developer from
accidentally nuking the repository?" then pserver would cover a couple of
cases where this could happen nicely. Would this stop an intentionally
destructive attack? No.

Just my 2 cents' worth.

Cheers,

Jan


> -----Original Message-----
> From: Andy Jones [mailto:address@hidden
> Sent: Tuesday, January 20, 2004 10:16 AM
> To: address@hidden
> Subject: Re: what's to stop a developer from nuking the repository?
> 
> 
> At 09:06 am 20/1/04, Claus Henriksen wrote:
> >On Tuesday, 20 January 2004 at 09:33, Greg A. Woods wrote:
> >> [ On Monday, January 19, 2004 at 15:43:35 (-0800), Mark wrote: ]
> >>
> >> > Subject: Re: what's to stop a developer from nuking the repository?
> >> >
> >> > have unix command line users use :pserver:
> >>
> >> That's really Really REALLY _B_A_D_ advice!!!!
> >>
> >> There is absolutely _NO_ accountability or any other form of security in
> >> pserver.  DO NOT _EVER_ USE PSERVER FOR NON-ANONYMOUS ACCESS!!!!
> >
> >Has anybody made a long wishlist of things to be changed in pserver?
> >I think the idea behind pserver is ok, but when I see these uppercase letters
> >above I wonder what we could/should do about it if it should work properly.
> 
> Please forgive me if I am mistaken, and in any case I 
> certainly don't want to start a flame war, but am I right in 
> thinking that Greg's opinion does not reflect the majority view? 