All right, I'll bite. What exactly is it about using ssh to give cvs
connection that is insecure? You can control which users are able to
access the repository, because you only allow the ones you want to set up
authorization to connect to your system with ssh; and all data is
transferred with encryption and good authentication. This is more secure
than any other way of giving people access to a code base than any other
method I have ever heard of. Is there a hole I don't see, or a better
method available?
If your point is that, in order to let a user access CVS, you have to let
them ssh into your system, I don't think it would take a rocket scientist to
figure out a shell to assign such users that only lets them use CVS. OK,
this may not work on a Windows 95 or NT host, but security there is a very
different matter.
--
Bradford K. Hull | Before you criticize a man, walk a mile in his shoes.
[EMAIL PROTECTED] | That way, if he gets angry, he's a mile away and barefoot.
(206)701-2066 | Anonymous
