[cvsnt] Re: Where are passwords stored with cvsnt

Jerzy Kaczorowski jerzyk at wndtabs.com
Fri Dec 6 13:13:57 GMT 2002


>I doubt that applications are using the registry-entry directly. What some
do is using the Env. Variable
>CVSPASS to find and set the password in a (potential) passwordfile. When
those applications are
>configured to use cvsnt as the cvs client, all logins fail because:
>- the application asks for the users password,
>- stores this password in the password file and
>- then calls the cvs client - who in case of cvsnt does not care about the
password file.

Any application that does what you've just described is just broken. It's up
to the CVS client to store the password where-ever it likes to. Nobody
should access the password or any other files that are handled by the CVS
client, it's registry settings etc. Application may read some of these, but
should never modify any files that belong to the CVS client.

Best Regards,
Jerzy

----- Original Message -----
From: "Roser Timm (KADA 32)" <timm.roser at csfs.com>
To: <cvsnt at cvsnt.org>
Sent: Friday, December 06, 2002 4:59 PM
Subject: [cvsnt] Re: Where are passwords stored with cvsnt


Hello Tony,

I doubt that applications are using the registry-entry directly. What some
do is using the Env. Variable
CVSPASS to find and set the password in a (potential) passwordfile. When
those applications are
configured to use cvsnt as the cvs client, all logins fail because:
- the application asks for the users password,
- stores this password in the password file and
- then calls the cvs client - who in case of cvsnt does not care about the
password file.

I agree that having the keys in the registry is a bit safer and more
reliable than on the disk.
The problem i see is that i could not find any clear statement on where it
is stored and how
cvsnt treats existing password files. The same problem obviously exist for
application developers as
many are not aware of the differences between cvs and cvsnt and implement
behaviour that cannot work with cvsnt.
It would also be nice to know with which version of cvsnt this behaviour
changed because i remember older versions still setting passwd files.

Regards
Timm

>It's better to use the registry on Windows as people don't always have
>a home directory defined (or even a consistent one).

>However no application outside cvsnt itself should be accessing this
>file.  I can't guarantee that its format will remain the same & won't
>be particularly interested if an application that does rely in it then
>breaks.

>The correct way to update the password list is with 'cvs login' and
>'cvs logout'.

>Tony

> Timm Roser
> CREDIT SUISSE FINANCIAL SERVICES
> Development Support / KADA 32
> Zollstrasse 20/36
> Postfach 600
> CH-8070 Zürich
> Tel.  +41 1 334 19 79
> Fax. +41 1 332 77 20
> mailto:timm.roser at csfs.com
> http://www.credit-suisse.com
>
>

_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt






More information about the cvsnt mailing list