From owner-freebsd-cvsweb@FreeBSD.ORG  Sat Aug 24 18:59:39 2013
Return-Path: <owner-freebsd-cvsweb@FreeBSD.ORG>
Delivered-To: freebsd-cvsweb@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id C3ED9A76
 for <freebsd-cvsweb@FreeBSD.org>; Sat, 24 Aug 2013 18:59:39 +0000 (UTC)
 (envelope-from rbarber@comlink.net)
Received: from superior.glcom.net (superior.glcom.net [209.165.240.244])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id F2F2E2DC1
 for <freebsd-cvsweb@FreeBSD.org>; Sat, 24 Aug 2013 18:59:38 +0000 (UTC)
Received: from Exchange2010.Comlink.local (office.corenetworks.net
 [64.85.160.4])
 by superior.glcom.net (8.14.3/8.14.3) with ESMTP id r7OIwgsp022279
 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL)
 for <freebsd-cvsweb@FreeBSD.org>; Sat, 24 Aug 2013 14:58:42 -0400 (EDT)
 (envelope-from rbarber@corp.comlink.net)
Received: from Exchange2010.Comlink.local ([fe80::5997:d57b:adfd:58ad]) by
 Exchange2010.Comlink.local ([fe80::5997:d57b:adfd:58ad%10]) with mapi id
 14.02.0318.001; Sat, 24 Aug 2013 14:58:07 -0400
From: Richard Barber <rbarber@comlink.net>
To: "freebsd-cvsweb@FreeBSD.org" <freebsd-cvsweb@FreeBSD.org>
Subject: Security Concerns
Thread-Topic: Security Concerns
Thread-Index: Ac6g+5vBMHWXKeU/R7e3QJUz2ymBFg==
Date: Sat, 24 Aug 2013 18:58:05 +0000
Message-ID: <269A424A3CD1644685130A7E9A9F0882E604D17A@Exchange2010.Comlink.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [172.16.3.149]
Content-Type: multipart/related;
 boundary="_009_269A424A3CD1644685130A7E9A9F0882E604D17AExchange2010Com_";
 type="multipart/alternative"
MIME-Version: 1.0
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
X-BeenThere: freebsd-cvsweb@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: CVS Web maintenance mailing list <freebsd-cvsweb.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-cvsweb>,
 <mailto:freebsd-cvsweb-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-cvsweb>
List-Post: <mailto:freebsd-cvsweb@freebsd.org>
List-Help: <mailto:freebsd-cvsweb-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-cvsweb>,
 <mailto:freebsd-cvsweb-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Aug 2013 18:59:39 -0000

--_009_269A424A3CD1644685130A7E9A9F0882E604D17AExchange2010Com_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello,

We are using CVSweb as a front end for our RANCID platform.  While poking a=
round we noticed that if you hit cancel on the login prompt it still would =
give you access to the webserver and all the available information on it.  =
Is there any suggestions on ways to secure this down so that the average us=
er cannot view mission critical information?

Regards,

[Comlink Logo]
Richard Barber
Network Support Specialist

(517) 679-7509 office
rbarber@comlink.net<mailto:rbarber@comlink.net>
517-664-1900
517-324-9800 fax
www.comlink.net<http://www.comlink.net/>
1515 Turf Lane, East Lansing, MI 48823


Connect With Us!

[Comlink on Twitter]<http://twitter.com/TeamComlink> [Comlink on Facebook] =
<http://www.facebook.com/pages/COMLINK/337614449666847>  [Comlink on Linked=
In] <http://www.linkedin.com/company/2702894>  [Comlink on Google Plus] <ht=
tps://plus.google.com/117115639945176142009>  [Comlink on YouTube] <https:/=
/www.youtube.com/user/TeamCOMLINK>


--_009_269A424A3CD1644685130A7E9A9F0882E604D17AExchange2010Com_--