Index: [thread] [date] [subject] [author]

  From: Marcus Sundberg <mackan@stacken.kth.se>
  To  : ggi-develop@eskimo.com
  Date: Sat, 13 Feb 1999 21:53:12 +0000

Re: CVS maintainer?

Aaron Van Couwenberghe wrote:
> I'd like to know how secure the password method is... Are the passwords
> crypt()ed at the cvs server's end? if so, you're transmitting passwords
> cleartext. If they are crypt()ed locally, the possibility for trojan is
> hanging right out..
>         Perhaps there's a way to bottle everything up inside a ssh session,
> or a tcp stream that's transparently encrypted via SSL. I know
> someone that I think is looking into the latter.
>         Yes, berlin used to use pserver. But graydon felt insecure using it,
> so we switched. I personally agreed completely with that move ;)

Why don't you use Kerberos and the kserver method?

//Marcus
-- 
-------------------------------+------------------------------------
        Marcus Sundberg        | http://www.stacken.kth.se/~mackan/
 Royal Institute of Technology |       Phone: +46 707 295404
       Stockholm, Sweden       |   E-Mail: mackan@stacken.kth.se

Index: [thread] [date] [subject] [author]