Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On Mon, 6 Feb 2006 07:14:53 +1100, "Brian Post" <bpost at 80-20.com> wrote: >Thanks BO. > >I have seen discussions with the passwords being stored in the registry for >PSERVER & SSERVER protocals, I didn't think it would be saved for SSPI. >Thanks for the heads up about it. > >Cheers, Brian There is a HUGE difference between storing passwords in the Registry and into the CVS control files (CVS/Root)! When you do "cvs login" using CVSNT as the client a successful login will result in the password for this CVSROOT being stored into the Registry in encrypted form. The registry hive used is HKCU, which means that it is ONLY available for the Windows user logged in to the workstation PC when the "cvs login" command was issued. It is in this way stored encrypted into a safe holding Windows will only open for the user doing the login. When you do the same thing using a GNU CVS client or Cygwin CVS the password is also stored, but this time in the .cvspass *file* on the file system. This file is available to anyone with file system access to the Windows workstation and the encryption used is rather trivial, so it can be easily broken. But it *is* encrypted in any case. Contrast this to using :<protocol>:user:password at server:/Repo where the entire string will be stored in *all* Root files inside the CVS subdirectories in the entire checked out sandbox tree! It is there for *anyone* to read even without the least trace of encryption! You only need to be able to open the Root file in an editor like notepad and you have the password!!! /Bo (Bo Berglund, developer in Sweden)