Giving it all away - theSpoke.net

01.Blogs :

Programming, gadgets and life as a lecturer in a UK university.

Giving it all away

Peter and I are using WinCVS to manage a software project we are working on. Very nice system. If all goes to plan we will be able to work on different parts of the application together. Well worth taking a look at : http://www.wincvs.org/

Only one problem.

You have to log in to use the system, since it authenticates you to the server. To log in you must give your password in clear text. It is displayed in the dialogue box in clear text. It is stored in clear text. When you have CVS running the login window displays the password for all to see. I'm not that worried, I have a bunch of passwords which I use, so at least it doesn't compromise anything else. But it does show rather poor design.

Anyhoo, the program works fine, which is nice.

posted on Tuesday, June 14, 2005 9:49 PM by RobMiles

# @ Wednesday, June 22, 2005 9:18 AM

I appreciate your concerns Rob, but they only apply to certain ways of using WinCVS with certain authentication methods. The version you're using hits against a Windows CVSNT server which uses Windows Integrated (SSPI) authentication. Consequently WinCVS never needs to store your password locally as it relies on Windows to do all the authenticaion. If you use one of the alternative authentication providers susch as pserver then ther may well be issues with passwords stored in clear text. Personally, I'd opt to use one of the more secure protocols if you can

davidg

03.UPDATE CALENDAR :

04.CATEGORIES :

06.Archives :

07.Subscriptions :