Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Damien Moore wrote: Note: Excite really garbled your message. Groan. [snip] > Another problem is if I have port 2401 open, > pserver switched off, require encryption turned on, but I accidentally > cvs -d :pserver:user"at"repos:/repos login (instead of sserver) its not > clear to me that the password isn't being sent down the insecure channel > despite the failure of login - i get a nondescript -1 error. (with only > require authentication turned on it seems that i can > actually login with pserver, just can't run commands). Can you confirm > that the password isn't being sent down the unsecure channel in this > scenario? [snip]. Sorry to say, when you use pserver, by accident or otherwise, your password will be exposed (albeit in a trivially encoded manner). You could avoid this by, either: 1. Not installing the pserver protocol on your client machine. (If the protocol isn't there you can't accidentally use it... but you then won't be able to use pserver to connect to any anonymous sites). 2. Connect indirectly via a proxy which munges from pserver to sserver... I just posted a message to this list about my cvssproxy add which does just that :-) -- David Somers typographer/programmer/whatever