> > >CVS [pserver] with its own dedicated socket/port
> > > [port forwarded] run across SSH
> > >
> > > Transport secured, but the CVS socket/port
> > > is open to the world on the remote machine,
> > > and hence is insecure there, and on the
> > > remote machine's network.
> >
> > If the data stream is encrypted, why do you call this insecure? How secure is
> > secure?
>
> The CVS socket on the remote machine will happily encrypt an attacker's
> connection just as it will the encrypt a legitimate user's connection.
>
> I.e. in that configuration it's still only as secure as the remote
> machine, which if it's multi-user then it's not secure at all.
Amplifying: Such a configuration is not just insecure
if you are multiuser. Most PCs are not multiuser,
but if a cracker can cause a program to run on a PC
(perhaps because of a bug in file sharing or the like)
then he can access the forwarded port even on a single
user PC.