[Logo] JCVSForum - Community Support For JCVS Users and Developers
  [Search] Search   [Recent Topics] Recent Topics   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [Groups] Back to home page 
[Register] Register / 
[Login] Login 
using jCVS for secure connections?  XML
Forum Index » JCVS Mailing List
Author Message
jcvslist


[Avatar]

Joined: 03/06/2004 19:54:53
Messages: 3096
Location: Earth
Offline

<pre>

I've been told by everyone I speak to that the pserver method of CVS is
really a bad idea and not to use it. So the question is, does jCVS have
another more secure method of connecting for remote clients?

cheers,
jeffrey




At 05:56 PM 9/9/98 -0700, Neal A. Dillman wrote:
>Hi,
>
> I have used jCVS [at home] on OS/2 a few times, and have been quite
>impressed. I am hoping to use it at work as well. I have run into two
>problems:
>
>1) The color for the menus on the main window (as well as other places)
>is white on white when unselected. This makes it difficult (impossible
>actually) to read. The menus are somewhat readable when they are
>selected. I did not see an option in the code to change this.
>
>2) When I try to do a checkout I get:
>Exception occurred during event dispatching:
>java.lang.NullPointerException
> at java.util.GregorianCalendar.computeFields(Compiled Code)
> at java.util.Calendar.setTimeInMillis(Calendar.java)
> at java.util.Calendar.setTime(Calendar.java)
> at java.text.SimpleDateFormat.format(Compiled Code)
> at java.text.DateFormat.format(DateFormat.java)
> at
>com.ice.cvsc.CVSTimestampFormat.formatTimeZone(CVSTimestampFormat.java:109)
> at
>com.ice.cvsc.CVSTimestampFormat.format(CVSTimestampFormat.java:94)
> at com.ice.cvsc.CVSEntry.setTimestamp(CVSEntry.java:363)
> at com.ice.cvsc.CVSProject.processResponseItem(Compiled Code)
> at com.ice.cvsc.CVSProject.handleResponseItem(Compiled Code)
> at com.ice.cvsc.CVSClient.processResponseItem(Compiled Code)
> at com.ice.cvsc.CVSClient.readAndParseResponse(Compiled Code)
> at com.ice.cvsc.CVSClient.processCVSRequest(Compiled Code)
> at com.ice.cvsc.CVSProject.performCVSRequest(Compiled Code)
> at com.ice.jcvs.CVSProjectFrame.commonCVSCommand(Compiled Code)
> at com.ice.jcvs.CVSProjectFrame.performCheckOut(Compiled Code)
> at com.ice.jcvs.CVSCheckoutDialog.actionPerformed(Compiled Code)
> at java.awt.Button.processActionEvent(Compiled Code)
> at java.awt.Button.processEvent(Compiled Code)
> at java.awt.Component.dispatchEventImpl(Compiled Code)
> at java.awt.Component.dispatchEvent(Compiled Code)
> at java.awt.EventDispatchThread.run(Compiled Code)
>
>My platform is:
>HP-UX Java C.01.15.05 08/06/98
>HP-UX B.10.20 A 9000/712
>
>I am using pserver (not rsh/remsh).
>
>Has anyone go jcvs working properly on HP-UX?
>
>
> -Neal-
>
>--
>-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
>- Neal A. Dillman * neald@rose.hp.com -
>-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
>- My opinions are. -
>-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
>
>
--------------------------------------------------------------------
J. Jeffrey Close I've been having to use 'vi' again
France Telecom R&D lately, and I just want to say that
close@halcyon.com anyone that would use vi when they
206-545-9360 could use emacs is insane.
SPAM OF THE WEEK: GET MIGRAINE RELIEF AT http://www.simplesol.net


</pre>

jCVS Maoiling List arvhive.
[WWW]
jcvslist


[Avatar]

Joined: 03/06/2004 19:54:53
Messages: 3096
Location: Earth
Offline

<pre>At 11:01 AM 9/9/98 -0700, J. Jeffrey Close wrote:
>
>
>I've been told by everyone I speak to that the pserver method of CVS is
>really a bad idea and not to use it. So the question is, does jCVS have
>another more secure method of connecting for remote clients?
>
>cheers,
>jeffrey

I use the pserver method of connecting routinely and have had no problems.
In the office, the connection goes over the internal network, so security
is not a major issue.

From home, I use it over a secure connection. We support two in our lab --
Microsoft's Virtual Private Network (based on the PPTP protocol) and Data
Fellows F-SSH (i.e., the secure shell protocol). The first is for Windows
users, while the second is for Unix users.

Data Fellows's stuff (a Finnish company) is really, really secure.
Microsoft's choice of keys based on passwords may not be the very best, but
PPTP itself is secure enough to keep routine prying eyes from watching my
traffic. I use it for all my Windows work at home.

/Hugh Lauer

</pre>

jCVS Maoiling List arvhive.
[WWW]
jcvslist


[Avatar]

Joined: 03/06/2004 19:54:53
Messages: 3096
Location: Earth
Offline

<pre>Jeffrey,

J. Jeffrey Close wrote:
> I've been told by everyone I speak to that the pserver method of CVS is
> really a bad idea and not to use it. So the question is, does jCVS have
> another more secure method of connecting for remote clients?

The pserver method has it's place. It is not terribly secure, and had a
known security hole until recently. The main problem, though, is that
pserver sends passwords over the wire in cleartext.

If security is a real concern, there are a number of ways around the
issue:
*) through CVS:
*) You can use the kserver method for kerberos 4 auth and encryption
*) You can use the gserver method for GSS-API auth and encryption
*) through external systems:
*) some sort of VPN (MS PPTP, Aventail, etc.)
*) Kerberized rsh (remote shell)

In our environment, I am hoping to move to gserver. Unfortunately I
have been (as yet) unsuccessful in getting the server ported to run with
HP's DCE. Even then, I would probebly want to add GSS-API support to
jcvs (which is probably possible, but an onerus [SP?] task). On the
other hand, we are on an internal network, and pserver security is
currently acceptable for your environment.

Regards,
Neal

--
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
- Neal A. Dillman * neald@rose.hp.com -
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
- My opinions are. -
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

</pre>

jCVS Maoiling List arvhive.
[WWW]
jcvslist


[Avatar]

Joined: 03/06/2004 19:54:53
Messages: 3096
Location: Earth
Offline

<pre>On Fri, Sep 11 1998, Neal A. Dillman wrote:
> In our environment, I am hoping to move to gserver. Unfortunately I
> have been (as yet) unsuccessful in getting the server ported to run with
> HP's DCE. Even then, I would probebly want to add GSS-API support to
> jcvs (which is probably possible, but an onerus [SP?] task).

Can you expound on why it would be onerous?

There are two ways to extend jCVS's I/O stream, which seem to accomodate
most needs. The first is to replace the I/O internally with a Java package,
or to use an exec() of a process that handles the I/O via stdio. The latter
method is what some folks use for SSH connectivity.

tim.
Tim Endres, ICE Engineering, Inc.
mailto: time@ice.com http://www.ice.com
"Usenet - A slow moving self parody." -- Peter Honeyman

</pre>

jCVS Maoiling List arvhive.
[WWW]
jcvslist


[Avatar]

Joined: 03/06/2004 19:54:53
Messages: 3096
Location: Earth
Offline

<pre>Tim Endres wrote:
> Can you expound on why it would be onerous?
>
> There are two ways to extend jCVS's I/O stream, which seem to accomodate
> most needs. The first is to replace the I/O internally with a Java package,
> or to use an exec() of a process that handles the I/O via stdio. The latter
> method is what some folks use for SSH connectivity.

The second method is what I referred to as "through external systems" in
the prior mail. This is less desirable, as I am attempting the make the
repository completely black box -- ie: user's home directories are set
to /dev/null, and their shells are set to /bin/false. The thoery there
being that if users can't log in it is a bit tougher for them to
[unintentionally] rm -rf the repository.

Replacing the internal IO would likely be onerous because I would need
to write a package that has clean access to gssapi's existing
credentials. That would mean having java read the credential cache,
request the cvs ticket, etc. Then again, this may have already been
written by someone.



Regards,
Neal

--
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
- Neal A. Dillman * neald@rose.hp.com -
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
- My opinions are. -
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-

</pre>

jCVS Maoiling List arvhive.
[WWW]
 
Forum Index » JCVS Mailing List
Go to:   
Powered by JForum 2.1.9 © JForum Team