[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVS, RSH and direct access to repository
From: |
RAJAGOPAL, AARTI (SBCSI) |
Subject: |
RE: CVS, RSH and direct access to repository |
Date: |
Fri, 16 Jan 2004 12:48:17 -0600 |
Do the passwords get transmitted in plaintext when going through the network
, in pserver?
-----Original Message-----
From: Jim.Hyslop [mailto:address@hidden
Sent: Friday, January 16, 2004 12:41 PM
To: address@hidden
Subject: RE: CVS, RSH and direct access to repository
Mark D. Baushke [mailto:address@hidden wrote:
> However, under the :pserver: method, the password is kept trivially
> encoded both on your desktop (in $HOME/.cvspass) and on the server (in
> CVSROOT/passwd).
Just a minor correction: the passwords in CVSROOT/passwd are much more
securely - CVSROOT/passwd uses the same encryption algorithm as is used for
/etc/passwd (the documentation even mentions pasting the entries from
/etc/passwd to CVSROOT/passwd).
Of course, the rest of the security chain contains all the other weak links
you mentioned, so this does not affect any of the other concerns you raised.
--
Jim Hyslop
Senior Software Designer
Leitch Technology International Inc. (<http://www.leitch.com/>)
Columnist, C/C++ Users Journal (<http://www.cuj.com/experts>)
_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs