Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to email@example.com.
On Wed, 28 Jun 2006 12:18:06 +0100, Tony Hoyle <tony.hoyle at march-hare.com> wrote: >David Somers wrote: >> Tony Hoyle wrote: >> >>>The whole thing probably needs a rethink for security purposes anyway. >> >> >> I thought only a user with admin rights could do init -r, so its use is >> already restricted to (hopefully) responsible admins. >> >The problem is the potential for abuse, and accidents, even for admins. > It's just a bit too unsafe for my liking at the moment. > >For remote repository init there probably needs to be a global root that >the new ones are created under - this stops people trying to create >repositories in random places on the disk, which is a situation I really >don't like (a cvs init in c:\windows could be rather a mess for >example.. especially if it wasn't caught for a while). > What I don't like is this: A user is connecting using this string: :sspi:cvsserver:/repo1 Say that this user is mentioned in the admin file for repo1, it makes him an admin for that repository (but not necessarily for another). Now if this user is allowed to just arbitrarily send an init command where he is also specifying a *physical* directory to create, where would this put us? He could then create a dir on a nonsecured disk or as you point out smack in the operating system realm! Terrible situation in my mind. I don't think that repository creation belong among the cvs commands using anything but the local connection! In order to make it available to a *system* admin to do remotely a better way in my mind would be to make the CVSNT control panel application able to connect via the network to the server PC and then present the same dialogs as always in the control panel. This would surely beat the discussed methods security wise. On connection the system would validate the user as an admin too. If you look at Microsofts RegEdit as an example it has a menu command: File/ConnectNetworkRegistry that allows it to operate on a remote PC. Similar for Microsofts Service Manager. Could you not do it this way instead???? /Bo Berglund