Well, pserver + CVSROOT/passwd is one thing, but using pserver with the
default authentication of the system isn't so bad. Passwords are stored
in the same way that /etc/passwd encrypts them.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of Mike Castle
Sent: Monday, September 10, 2001 8:51 AM
To: [EMAIL PROTECTED]
Subject: Re: Remote cvs and security
On Mon, Sep 10, 2001 at 08:41:34AM -0500, Colin Bester wrote:
> Creating CVSROOT/passwd file is fine for attempting to protect users
> system passwords, but still leaves the repository vunerable itself.
This is a red herring.
Avoid using pserver,
Give users accounts, and set them up using ssh.
If you are that paranoid about your developers compromising system
passwords, then put them on a separate system that has no privileges, so
even if they do get root, they can't affect the rest of your network.
mrc
--
Mike Castle [EMAIL PROTECTED]
www.netcom.com/~dalgoda/
We are all of us living in the shadow of Manhattan. -- Watchmen
fatal ("You are in a maze of twisty compiler features, all different");
-- gcc
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
