Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
> Note: Excite really garbled your message. Groan. i'm trying plain text this time. hopefully cleaner. should really find a better free e-mail account. >Sorry to say, when you use pserver, by accident or otherwise, your password >will be exposed (albeit in a trivially encoded manner). is this true even if the CVS server does not answer? (i.e. port closed on firewall) >2. Connect indirectly via a proxy which munges from pserver to sserver... I >just posted a message to this list about my cvssproxy add which does just >that :-) send me the details and I'll try it out. cheers Damien --- On Thu 08/10, David Somers < dsomers at omz13.com > wrote: From: David Somers [mailto: dsomers at omz13.com] To: cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook Date: Thu, 10 Aug 2006 15:42:27 +0200 Subject: Re: [cvsnt] Securing pserver on CVSNT: tunneling with ssh Damien Moore wrote: Note: Excite really garbled your message. Groan. [snip] > Another problem is if I have port 2401 open, > pserver switched off, require encryption turned on, but I accidentally > cvs -d :pserver:user"at"repos:/repos login (instead of sserver) its not > clear to me that the password isn't being sent down the insecure channel > despite the failure of login - i get a nondescript -1 error. (with only > require authentication turned on it seems that i can > actually login with pserver, just can't run commands). Can you confirm > that the password isn't being sent down the unsecure channel in this > scenario? [snip]. Sorry to say, when you use pserver, by accident or otherwise, your password will be exposed (albeit in a trivially encoded manner). You could avoid this by, either: 1. Not installing the pserver protocol on your client machine. (If the protocol isn't there you can't accidentally use it... but you then won't be able to use pserver to connect to any anonymous sites). 2. Connect indirectly via a proxy which munges from pserver to sserver... I just posted a message to this list about my cvssproxy add which does just that :-) -- David Somers typographer/programmer/whatever _______________________________________________ cvsnt mailing list cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web!