[ On Thursday, June 8, 2000 at 12:13:35 (-0400), Larry Jones wrote: ]
> Subject: Re: Proposal: have client CVS send remote username to server CVS
>
> The main problem I see with this is that you lose all accountability --
> the client can claim to be anyone and the server will just blindly
> accept that the client is telling the truth. pserver does at least some
> authentication by requiring that the user be known and requiring the
> corresponding password.
I would point out that requiring someone to know both halves of the
"username/password" pair for cvs-pserver access doesn't really grant any
significant amount of accountability except in the most restricted
scenarios. Cvs-pserver conceptually only affords accountability from
the point of view of the host system to the extent that one knows things
like "well it must have been one of those CVS users who did such and
such."
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
