Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Does :sserver: use the CVSROOT/passwd file to authenticate users? If it does then I guess the user aliasing system also works with the :sserver. protocol then? I have personally never used :sserver: at all.... Bo -----Original Message----- From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org]On Behalf Of Tony Hoyle Sent: den 7 november 2005 12:52 To: cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook Subject: Re: [cvsnt] Add User Bo Berglund wrote: > The :pserver: protocol is considered insecure because it has no > method for encryption of the communication. And the password is > sent nearly in cleartext (very light encryption). > > So someone using a packet sniffer on the network should eb able to > decode your CVS communications. > If you are in a closed environment and are not exposing the > CVS system on the Internet then pserver is probably OK, but > otherwise you should consider SSPI or something else. > There's also :sserver: which is essentially encrypted pserver. The passwords are still stored on the client side in the registry but the wire protocol is secure. Tony _______________________________________________ cvsnt mailing list cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs