Re: CVS security

From: Mark Harrison
Subject: Re: CVS security
Date: Thu, 17 May 2001 16:06:27 +0800

James Melton <address@hidden>
> I am trying to get my Unix sysadmin to allow me to run a CVS client which
> will connect with a remote CVS server (not our server) via an anonymous
> id. He has shared his concern with our management that CVS remote access
> poses a significant risk to us. I think his fears are ungrounded, and
> that all the associated risk falls only on the server side. 
> Are there any reviews of security risk associated with using a CVS
> client? Can there possibly be any risk to us?

These items sufficed for our own admin:

1.  Your site needs only outbound access.  Inbound access is
    disabled, so nobody can attack through that route.

2.  You are only using anonymous access, so you are not exposing
    any of your own passwords over the connection.

3.  Anonymous CVS is read-only.  You can't accidentally send
    data from your system over the connection.

With these

Mark Harrison           address@hidden "the arms merchant of choice
Chief Software Architect address@hidden  for virtually every combatant
AsiaInfo Holdings, Inc.       +86-1390-138-3470  in China's network wars..."
Beijing/Santa Clara/Hong Kong     icq:106821430         - Wall Street Journal
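
One way to check the anonymous-access point (item 2) across existing checkouts, as an added example that is not part of the original message: it reads the `CVS/Root` file in each working directory and flags any root that is not `pserver` with user `anonymous`. The function names, the regular expression and the sample hostnames are assumptions made for this illustration.

```python
import os
import re

# Connection-style CVSROOT: :method[;options]:[user[:password]@]host[:[port]]/path
ROOT_RE = re.compile(
    r"^:(?P<method>[a-z]+)(?:;[^:]*)?:"
    r"(?:(?P<user>[^:@]+)(?::(?P<password>[^@]*))?@)?"
    r"(?P<host>[^:/]+):?(?P<port>\d*)(?P<path>/.*)$"
)

def check_root(root):
    """Return the reasons a CVSROOT string is not anonymous pserver access."""
    m = ROOT_RE.match(root.strip())
    if not m:
        # Bare /path, :local:, or user@host:/path (implicit rsh) all land here.
        return ["local path, implicit rsh, or unparsed root"]
    problems = []
    if m.group("method") != "pserver":
        problems.append("method is %s, not pserver" % m.group("method"))
    if m.group("user") != "anonymous":
        # A missing user means the client sends the local login name.
        problems.append("user is %r, not anonymous" % m.group("user"))
    if m.group("password"):
        problems.append("password embedded in CVSROOT")
    return problems

def audit_tree(top):
    """Walk a directory tree and map each CVS admin dir to its problems."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(top):
        if os.path.basename(dirpath) == "CVS" and "Root" in filenames:
            with open(os.path.join(dirpath, "Root")) as fh:
                problems = check_root(fh.read())
            if problems:
                findings[dirpath] = problems
    return findings

if __name__ == "__main__":
    # Constructed sample roots; the hostnames are placeholders.
    samples = [
        ":pserver:anonymous@cvs.example.org:/cvsroot/proj",
        ":pserver:anonymous@cvs.example.org:2401/cvsroot/proj",
        ":pserver:jdoe:secret@cvs.example.org:/cvsroot/proj",
        ":ext:jdoe@cvs.example.org:/cvsroot/proj",
    ]
    for s in samples:
        print(s, "->", check_root(s) or "ok")
```
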
