[ On Monday, December 16, 2002 at 17:16:41 (+0100), Walter, Jan wrote: ]
> Subject: RE: Security, audits and pserver
>
> That's why you would tunnel it over ssh or something like that, with limited
> key access. People you trust get the key, and their key gets kept on the
> server. Definitely, a wide-open pserver connection is just an invitation to
> get cracked.

No, that's why you'd use SSH plain and simple with real, proper, unique
system accounts for every real person, and never use CVSpserver, not
even tunneled, because even with the tunnel you end up having no
possibility of achieving even minimal accountability -- any CVSpserver
user can trivially spoof any other at several levels.  CVS is _NOT_ a
security application, nor is it a multi-user operating system kernel.

-- 
                                                                Greg A. Woods

+1 416 218-0098;            <[EMAIL PROTECTED]>;           <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>; VE3TCP; Secrets of the Weird <[EMAIL PROTECTED]>


_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
