Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Looks like I'll be settting up a CVSNT server that will be accessed by developers within our network, as well as developers across the Internet. So far, I'm only experienced with SSPI intranet with a domain, which has been working great. Searching for "cvsnt internet" I found this post from Bo a year ago.... Bo, or anyone else, do you still recommend this method as a secure and straightforward implementation for a secure connection from the Internet, or do you recommend another protocol / method a year later? Thanks! -------------- | -----Original Message----- | From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org]On Behalf | Of Bo Berglund | Sent: 07 March 2003 12:32 | To: cvsnt at cvsnt.org | Subject: RE: [cvsnt] SSPI Protocol security | | | Concerning "best practices" over Internet: | 1) Set up your server to *only* allow SSPI and other secure | protocols (like SSH) | (Disable pserver by erasing the pserver_protocol.dll from the server) | 2) Open the firewall port 2401 and aim it towards your internal | CVSNT server. | 3) On the client side set your sspi as follows | :sspi:user at server:/repository | (server must be the firewall IP address in this case) | Also make sure to check the encryption flag in WinCvs (button | to the right | of the protocols selection combo). | 4) You must start on the client by doing a cvs login and enter the system | password for the user. It will be sent encrypted and is also | stored in your | client PC in a fairly secure way for reuse on later cvs operations. | 5) Now you can operate on this CVSNT server via the Internet as usual. | | I have done this myself and it works pretty well, actually the | combination of | encryption and compression makes it usable even on a dialup link to the | Internet provider. | | /Bo