Re: Proposal: have client CVS send remote username to server CVS

[Derek R. Price]

Noel L Yap wrote:

> 1. You wouldn't allow many-to-one user mappings at all.

As I understand it, many to one mappings in CVS already keep track (in log
messages, etc.) of the original user that logged in.  My system may remain
vulnerable to many kinds of attacks, but I have more information available in logs
which I can poke through when trying to figure out exactly what happened.


> 2. You shouldn't be using CVS since you don't trust your developers.

It has nothing to do with not trusting developers.  It has to do with minimizing
damages if something does go wrong.  I'm not running any high security projects,
but I'm fairly certain that even the people I trust implicitly can ocassionally
leave their password written down in the wrong place.

Derek

--
Derek Price                      CVS Solutions Architect
mailto:[EMAIL PROTECTED]     OpenAvenue ( http://OpenAvenue.com )
--
Bugs come in through open Windows.