Index:
[thread]
[date]
[subject]
[author]
From: Marcus Sundberg <mackan@stacken.kth.se>
To : ggi-develop@eskimo.com
Date: Sat, 13 Feb 1999 21:53:12 +0000
Re: CVS maintainer?
Aaron Van Couwenberghe wrote:
> I'd like to know how secure the password method is... Are the passwords
> crypt()ed at the cvs server's end? if so, you're transmitting passwords
> cleartext. If they are crypt()ed locally, the possibility for trojan is
> hanging right out..
> Perhaps there's a way to bottle everything up inside a ssh session,
> or a tcp stream that's transparently encrypted via SSL. I know
> someone that I think is looking into the latter.
> Yes, berlin used to use pserver. But graydon felt insecure using it,
> so we switched. I personally agreed completely with that move ;)
Why don't you use Kerberos and the kserver method?
//Marcus
--
-------------------------------+------------------------------------
Marcus Sundberg | http://www.stacken.kth.se/~mackan/
Royal Institute of Technology | Phone: +46 707 295404
Stockholm, Sweden | E-Mail: mackan@stacken.kth.se
Index:
[thread]
[date]
[subject]
[author]