[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security options :-(

From: Greg A. Woods
Subject: Re: Security options :-(
Date: Tue, 17 Dec 2002 17:55:03 -0500 (EST)

[ On Tuesday, December 17, 2002 at 19:31:39 (+0000), Keith Refson wrote: ]
> Subject: Security options :-(
> Method 3: 
>    description:
>    - users SSH into a single existing account.

You've just re-created half of the issues with CVSpserver.  I.e. you
still have no way to achieve sufficient accountability because now any
CVS user can spoof any other CVS user (all you've got is the hope that
you can narrow down the time of any funny business to a time when one
and only one authenticated user was connected).

>    drawbacks:
>    - All checkins appear to be from the same  CVS account, rendering
>      CVS user checkin audit useless.


                                                                Greg A. Woods

+1 416 218-0098;            <address@hidden>;           <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]