[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVS security

From: Tracy Brown
Subject: RE: CVS security
Date: Wed, 16 May 2001 10:59:45 -0700

This is a matter of perspective. To a security administrator you are passing
through the firewall on what is probably an unauthorized port and the *code*
that you are downloading may contain viruses, worms, etc. I of course do not
feel this way and chances are your administrator doesn't understand *why*
people like us *need* to use CVS. I'm sure there are ways around this - and
depending on how your company's firewall is configured - you can just go
ahead and use the client. You might get caught and slapped on the hand.

Alternatively you could pose a business case to your management showing that
you require access to this remote repository and offer to sign a
nondisclosure statement or whatnot with regard to uploading proprietary
company data and maybe draft a little policy stating that on all *updates*
you will run some sort of virus detection program... Some of this may not
apply, but it's just an idea.

I am not aware of a CVS client posing an active risk in a security framework
such that an outsider could gain some level of access. The client does not
accept incoming connections...


> -----Original Message-----
> From: James Melton [mailto:address@hidden
> Sent: Wednesday, May 16, 2001 9:43 AM
> To: address@hidden
> Subject: CVS security
> I am trying to get my Unix sysadmin allow me to run a CVS client which
> will connect with a remote CVS server (not our server) via an 
> anonymous
> id. He has shared his concern with our management that CVS 
> remote access
> poses a significant risk to us. I think his fears are ungrounded, and
> that all the associated risk falls only on the server side. 
> Are there any reviews of security risk associated with using a CVS
> client? Can there possibly be any risk to us?
> Any ideas are appreciated,
> Jim.
> ____________________________________________________________
> James Melton                 CyLogix
> 609.750.5190                 609.750.5100
> address@hidden
> _______________________________________________
> Info-cvs mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]