Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
You might also use one or the other encrypted protocols that are also supported, but this is the only one I have used and I think it is good. Remember to use the -x flag or set your CVSNT server to *require* encryption. /Bo On Wed, 3 Mar 2004 12:03:20 -0600, "Tyler Theobald" <tyler.theobald.junk at cox.net> wrote: >Looks like I'll be settting up a CVSNT server that will be accessed by >developers within our network, as well as developers across the Internet. >So far, I'm only experienced with SSPI intranet with a domain, which has >been working great. >Searching for "cvsnt internet" I found this post from Bo a year ago.... >Bo, or anyone else, do you still recommend this method as a secure and >straightforward implementation for a secure connection from the Internet, or >do you recommend another protocol / method a year later? >Thanks! >-------------- >| -----Original Message----- >| From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org]On >Behalf >| Of Bo Berglund >| Sent: 07 March 2003 12:32 >| To: cvsnt at cvsnt.org >| Subject: RE: [cvsnt] SSPI Protocol security >| >| >| Concerning "best practices" over Internet: >| 1) Set up your server to *only* allow SSPI and other secure >| protocols (like SSH) >| (Disable pserver by erasing the pserver_protocol.dll from the server) >| 2) Open the firewall port 2401 and aim it towards your internal >| CVSNT server. >| 3) On the client side set your sspi as follows >| :sspi:user at server:/repository >| (server must be the firewall IP address in this case) >| Also make sure to check the encryption flag in WinCvs (button >| to the right >| of the protocols selection combo). >| 4) You must start on the client by doing a cvs login and enter the system >| password for the user. It will be sent encrypted and is also >| stored in your >| client PC in a fairly secure way for reuse on later cvs operations. >| 5) Now you can operate on this CVSNT server via the Internet as usual. >| >| I have done this myself and it works pretty well, actually the >| combination of >| encryption and compression makes it usable even on a dialup link to the >| Internet provider. >| >| /Bo > /Bo (Bo Berglund, developer in Sweden)