[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVS, RSH and direct access to repository
From: |
Jim.Hyslop |
Subject: |
RE: CVS, RSH and direct access to repository |
Date: |
Fri, 16 Jan 2004 13:41:04 -0500 |
Mark D. Baushke [mailto:address@hidden wrote:
> However, under the :pserver: method, the password is kept trivially
> encoded both on your desktop (in $HOME/.cvspass) and on the server (in
> CVSROOT/passwd).
Just a minor correction: the passwords in CVSROOT/passwd are much more
securely - CVSROOT/passwd uses the same encryption algorithm as is used for
/etc/passwd (the documentation even mentions pasting the entries from
/etc/passwd to CVSROOT/passwd).
Of course, the rest of the security chain contains all the other weak links
you mentioned, so this does not affect any of the other concerns you raised.
--
Jim Hyslop
Senior Software Designer
Leitch Technology International Inc. (<http://www.leitch.com/>)
Columnist, C/C++ Users Journal (<http://www.cuj.com/experts>)