[cvsnt] SSPI Protocol security

Tony Hoyle tmh at nodomain.org
Fri Mar 7 10:43:48 GMT 2003


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


On Fri, 7 Mar 2003 09:33:19 -0000, "Thomas Muller" <ttm at online.no> wrote:

>Hi,
>
>Apardon my ignorance regarding the different protocols and CVS in general,
>but documentation is a bit scarce with respect to secruity implications
>excpect for the pserver protocol which is considered highly unsecure.
>
>How secure is SSPI? Is it just used for authentication and after that the
>actual transmission of commands and file contents is open?
>
It's a secure as MS wrote it...  Basically SSPI from a Win9x machine is about
as secure as pserver (NTLMv1 is trivially crackable).  Between NT machines
though it's pretty secure.

If you enable encryption then all the traffic is encrypted, although there's
little documentation about what encryption is used so I couldn't say how
secure it is - I guess it's pretty secure as I've never heard of anyone
cracking it.

Tony



More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook