The community technical support mailing list was retired in 2010 and replaced with a professional technical support team. For assistance, please contact pre-sales technical support via email to sales@march-hare.com.
> From: cvsnt-bounces at cvsnt.org
> [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of Glen Starrett
> Sent: Wednesday, 22 August, 2007 15:40
>
> Michael Wojcik wrote:
> > cvsagent listens on a TCP socket for password queries and responds
> > with cached passwords. That's hardly inaccessible to an attacker.
>
> We recently discussed changing that to model the PuTTY /
> Pageant method of communication (it uses Windows messages, I
> believe). I'm not sure when this is scheduled.

I haven't investigated Pageant (I use PuTTY for ssh, but manually enter passwords each time I connect). I'll take a look.

> As always, patches are welcome and appreciated!

Yes, and this is a localized area with a well-defined interface, so it's a good candidate for an outside patch. If I can find a little free time I'll look into putting one together.

I should probably note that I like CVSNT, and while I do think this is a security risk that should be addressed, it's not a showstopper. Good system security goes a long way to mitigating it.

--
Michael Wojcik
Principal Software Systems Developer, Micro Focus