RE: CVS, RSH and direct access to repository

[Jim.Hyslop]

Mark D. Baushke [mailto:address@hidden wrote:
> However, under the :pserver: method, the password is kept trivially
> encoded both on your desktop (in $HOME/.cvspass) and on the server (in
> CVSROOT/passwd).
Just a minor correction: the passwords in CVSROOT/passwd are much more
securely - CVSROOT/passwd uses the same encryption algorithm as is used for
/etc/passwd (the documentation even mentions pasting the entries from
/etc/passwd to CVSROOT/passwd).

Of course, the rest of the security chain contains all the other weak links
you mentioned, so this does not affect any of the other concerns you raised.

-- 
Jim Hyslop 
Senior Software Designer 
Leitch Technology International Inc. (<http://www.leitch.com/>) 
Columnist, C/C++ Users Journal (<http://www.cuj.com/experts>)