Go to the first, previous, next, last section, table of contents.

Basic information about :pserver: protocol

:pserver: protocol first appeared as the authentication extension to the client-server protocol, and is now one of the most popular ways to setup the CVS server. However, there are several deficiencies in the :pserver: that make it extremely unsecure if used carelessly. Primary source of insecurety is that passwords are translated in clear text over the (untrusted) network, allowing the attacker to sniff the passwords.

:pserver: protocol by default uses~TCP port 2401.

It must be said, however, that :pserver: could be wrapped in SSL (Secure Sockets Layer), thus eliminating this danger and bringing the :pserver: back to usability. Plain unprotected :pserver: should be used only in fully trusted networks, or for unimportant tasks such as anonymous access to repository.

The whole purpose of :pserver: is to transfer from the client to the remote server three things: username, password, and directory where repository resides.

The protocol front-end for :pserver: is called `cvs-pserver'. It takes the following command line arguments:

cvs-pserver /repos1 ... /reposN -- checkpassword ...

Here the /repos1 ... /reposN is the list of repositories that are served by that particular server. End of this list is marked with --. If the client specifies repository not in that list, authentication fails, and no checkpassword program is run. After the end of list marker follows the name of password-checking program, with its own arguments.

Go to the first, previous, next, last section, table of contents.