Date: Fri, 1 Jun 2001 08:55:16 -0700 (PDT) From: Brian Behlendorf <brian@collab.net> To: Dag-Erling Smorgrav <des@ofug.org> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <Pine.BSF.4.31.0106010850550.679-100000@localhost> In-Reply-To: <xzpvgmgwbvv.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1 Jun 2001, Dag-Erling Smorgrav wrote: > You don't need passwords to run CVS against a remote repository. All > you need is 'CVSROOT=user@server:/path/to/repo' and 'CVS_RSH=ssh'. For those who use windows and mac GUI CVS clients, pserver's a requirement. IMHO, passwords are neither better nor worse, necessarily, than keys, in authenticating to a server. The basic difference is between "what you know" and "what you have". I'm as worried about people who have poor password management practices, as I am about people whose home or work machines where their private keys are may not be the most secure. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0106010850550.679-100000>