Index:
[thread]
[date]
[subject]
[author]
From: becka@rz.uni-duesseldorf.de
To : ggi-develop@eskimo.com
Date: Sat, 13 Feb 1999 19:30:51 +0100 (MET)
Re: CVS maintainer?
Hi !
> rsh method (with rsh=ssh) which requires one system acct per cvs acct. Do
> you know of any way to set up multiple rw accts using a strong encryption
> mechanism such as ssh or ssl? I mean, without needing one system acct per
> cvs acct?
The pserver method is not exactly "strong".
> I'd like to know how secure the password method is... Are the passwords
> crypt()ed at the cvs server's end? if so, you're transmitting passwords
> cleartext. If they are crypt()ed locally, the possibility for trojan is
> hanging right out..
The pserver method is not strong. The passwords are stored locally and
transmitted - well, not really crypted, but let's say "obfuscated".
This should be string enough for geeks routinely scanning the net with some
password grabber, but a determined snooping attack by someone who knows what
he's doing will reveal the password.
> Yes, berlin used to use pserver. But graydon felt insecure using it,
> so we switched. I personally agreed completely with that move ;)
Well ... depends on your need for security. Of course you shouldn't use
your logon password or something like it for pserver.
CU, ANdy
--
= Andreas Beck | Email : <andreas.beck@ggi-project.org> =
Index:
[thread]
[date]
[subject]
[author]