James Melton <[EMAIL PROTECTED]>
> I am trying to get my Unix sysadmin allow me to run a CVS client which
> will connect with a remote CVS server (not our server) via an anonymous
> id. He has shared his concern with our management that CVS remote access
> poses a significant risk to us. I think his fears are ungrounded, and
> that all the associated risk falls only on the server side.
>
> Are there any reviews of security risk associated with using a CVS
> client? Can there possibly be any risk to us?
These items sufficed for our own admin:
1. Your site needs only outbound access. Inbound access is
disabled, so nobody can attack through that route.
2. You are only using anonymous access, so you are not exposing
any of your own passwords over the connection.
3. Anonymous CVS is read-only. You can't accidentally send
data from your system over the connection.
With these
HTH,
Mark
--
Mark Harrison [EMAIL PROTECTED] "the arms merchant of choice
Chief Software Architect [EMAIL PROTECTED] for virtually every combatant
AsiaInfo Holdings, Inc. +86-1390-138-3470 in China's network wars..."
Beijing/Santa Clara/Hong Kong icq:106821430 - Wall Street Journal
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs