More flaws foul security of open-source repository

TalkBack 26 of 55:: Next »; « Previous

Thread View
Flat View

RE: From the CVS Project web site: CVS does NOT make any of those remote protocals insecure. Only CVS itself running over those protocals is insecure. Meaning you STILL need access to their site via those protocols to even get close to the insecure CVS. So if those protocals are secure, then you have nothing to worry about. But if you need security against those people who have access via those protocals, THEN you have a problem.

So if you have CVS which only 2 people have access running over a company VPN to which 20 employees have access, then you only have to worry about securing the CVS against those other 18 people (which yes is indeed a problem). And of course if only those 2 people have access to the VPN, then there will be no security breach, unless there is a breach in VPN. But if you have a CVS running over the web, then you have potentially the whole world to secure against.; Posted by: Michael Kelly Posted on: 06/10/04 You are currently: a Guest | Members login | Terms of Use

Reply to Story No further replies to this post will be accepted.

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Exceeding expectations Martin Marvinski | 06/09/04

You sound a bit defensive mojoman_x@... | 06/09/04

What?! Jeff Spicoli | 06/09/04

crimes richhayes | 06/10/04

crimes georgep_z | 06/10/04

Ummm.... ? Martin Marvinski | 06/09/04

Way to spin the story. ShadeTree | 06/10/04

But what you forget to mention. nucrash | 06/10/04

What in the world.... ShadeTree | 06/10/04

Simple nucrash | 06/10/04

So in response.... ShadeTree | 06/10/04

Why respond to your post? Martin Marvinski | 06/10/04

Thanks for adding to the FUD rock06r | 06/10/04

Whats a "M$ shills" Da-Man | 06/10/04

No it is definitely Shill ShadeTree | 06/10/04

Nice spin... Martin Marvinski | 06/10/04

I would agree except... ShadeTree | 06/11/04

From the home page of the CVS Project site. ShadeTree | 06/10/04

seems like doh123 | 06/10/04

If you have access.... ShadeTree | 06/10/04

Code on CVS has official maintainer(s) Michael Kelly | 06/10/04

Only official maintainers are supposed... ShadeTree | 06/10/04

Internet ?? WWW Michael Kelly | 06/10/04

I have confused nothing ShadeTree | 06/10/04

From the CVS Project web site ShadeTree | 06/10/04

RE: From the CVS Project web site Michael Kelly | 06/10/04

Obviously the CVS site must not be secure. ShadeTree | 06/10/04

More proof open source works.. and quickly! Xunil_Sierutuf | 06/09/04

Uh huh wolf_z | 06/10/04

wolf: Don't reply to this SHRILL above Da-Man | 06/10/04

Do you even know what the term refers to? rock06r | 06/10/04

Alternatives? doe_z | 06/09/04

CVS alternatives Chris Moller | 06/10/04

(NT)The VPN method is a good idea toadlife | 06/09/04

More flaws foul security of open-source repository Loverock Davidson | 06/10/04

Loverock's pick dwest_z | 06/10/04

How sweet! Loverock Davidson | 06/10/04

linux what? ryusen | 06/10/04

If they could just deliver a secure OS without bugs. No_Ax_to_Grind | 06/10/04

Yeah, Zealots are like flaws nucrash | 06/10/04

Touch? Michael Kelly | 06/10/04

Meh, nucrash | 06/10/04

Good idea, just wrong phrase rock06r | 06/10/04

OS? what? doh123 | 06/10/04

Still it's a security flaw that could breach OS code Michael Kelly | 06/10/04

If they could just deliver a secure OS without bugs. Loverock Davidson | 06/10/04

Close the door on 'free' non-professional software Andreas_Gruenbaum | 06/10/04

Bigger priorities Michael Kelly | 06/10/04

This problem is being addressed in SP2.(nt) ShadeTree | 06/10/04

Good. I wish them luck. (nt) Michael Kelly | 06/10/04

Check out: http://www.ghs.com Da-Man | 06/10/04

Just a clue... Linux User 147560 | 06/10/04

Should be: Close the door on non-professional software. doe_z | 06/10/04

Zdnet, you're posters have warned you about FilledOut | 06/10/04

There's always SecurID ... George Mitchell | 06/10/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

More flaws foul security of open-source repository

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads