[cvsnt] Problems with sspi with cvsnt server not on Domain Controler

Bo Berglund bo.berglund at telia.com
Sat Nov 9 09:47:01 GMT 2002


On Sat, 9 Nov 2002 09:50:22 +0100, "Emmanuel Zaspel"
<ezaspel at metatec.de> wrote:

>
>The "logonstring" is now cached in the registry. Ok any documentation about
>how it is cached ?
>Any existing statement about the security of this? I can't say I like it.
>
>Regards
>
>Emmanuel Zaspel
>

No documentation that I know of, but it is cached in the following
key:
HKEY_CURRENT_USER\Software\Cvsnt\cvspass
the actual password is encrypted (don't know with which method).
Since it is in the HKEY_CURRENT_USER tree the value is unavailable
unless one has logged on to this account on Windows, so the security
is in my view about as tight as the Windows logon.


/Bo
(Bo Berglund, developer in Sweden)



More information about the cvsnt mailing list