Re: Any plan to merge cvspwd into cvs?

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Any plan to merge cvspwd into cvs?

From:	Mark A. Flacy
Subject:	Re: Any plan to merge cvspwd into cvs?
Date:	05 May 2002 14:13:18 -0500
User-agent:	Gnus/5.09 (Gnus v5.9.0) Emacs/21.1

>>>>> "Ben" == Ben Kial <address@hidden> writes:
Ben> 
Ben> I am new to CVS administration and I could some education here...  The
Ben> "cvspwd" only changes the password file under CVSROOT/password.  This
Ben> has nothing to do with any Unix user account. I don't understand how
Ben> can this cause any security problem? Worst comes to worst, a hacker
Ben> can only add/modify/delete CVS users (which in my setting I map them
Ben> all to a Unix "cvsguest" user account). The best (or worst) he can do
Ben> is to mess up the CVS repository, right?

Heh.  You might really want to be sure *who* is performing changes to your
repository.

How about the disgruntled employee that codes in a back door or a worm into
your product?  Not only would you want to know who did it but you'd like to
be able to check the *other* changes that they had made to the code base.

[Prev in Thread]

Current Thread

[Next in Thread]

Any plan to merge cvspwd into cvs?, Ben Kial, 2002/05/01
- Re: Any plan to merge cvspwd into cvs?, Greg A. Woods, 2002/05/03
- Message not available
  - Re: Any plan to merge cvspwd into cvs?, Ben Kial, 2002/05/05
    - Re: Any plan to merge cvspwd into cvs?, Mark A. Flacy <=
    - Re: Any plan to merge cvspwd into cvs?, Ben Kial, 2002/05/06
    - Re: Any plan to merge cvspwd into cvs?, Norberto Meijome, 2002/05/08

Prev by Date: Re: Any plan to merge cvspwd into cvs?
Next by Date: Distributed CVS-Server?
Previous by thread: Re: Any plan to merge cvspwd into cvs?
Next by thread: Re: Any plan to merge cvspwd into cvs?
Index(es):
- Date
- Thread