[Cvsnt] SSPI and cvspass file
Brian Smith
brian-l-smith at uiowa.edu
Wed Feb 27 08:12:27 GMT 2002
Tony,
It seems like the current SSPI code will allow the user to store their
domain password in .cvspass. To me, that doesn't seem like a very good
idea because the .cvspass file becomes the a very weak link in the
domain's security, especially for developers and administrators that
have a lot of privileges. I can see how it would be helpful for some
people but for me this causes a big problem (I develop software for a
hospital so I have a ton of patient confidentiality laws and regulations
to worry about). So, for me to be able to use CVSNT I have to have a way
of disabling this password-storing "feature" while still allowing :sspi:
mode to work.
What do you think the best way to go about that would be?
Thanks,
Brian
_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
More information about the cvsnt
mailing list