This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
For security reasons, it is sometimes critical to be able to logout of cvs. There is currently no way to do this: once you enter a password as prompted for any cvs command, you are "logged in" with a stored password on your system with no way to logout. This is a security hole that must be fixed.
What is your scenarion? NB CVS supports secure connections using SSH (:ext: method). - for internal SSH connection you can choose password storage policy - for external providers, it's upon the provider itself By definition the :pserver: connection method is NOT secure.
If I understand you correctly, your argument is that because :pserver: isn't secure in all cases, you feel justified in making it less secure by not providing a means to erase the password? Sorry, I don't buy that argument. That would be like a lock manufacturer saying: "well, sir, the lock you've chosen can be picked anyway, so we won't give you a means to relock the door once you've opened it". Sounds pretty silly, when put that way, doesn't it? If it helps, here is a scenario where security is improved by having cvs logout, and diminished by its absence: Imagine a shared computer in a lab on a company intranet. Many people have access to that lab. If I want to use this shared computer to access my cvs repository, I can do so safely as long as I trust the network (which, since it's internal, isn't too big of a stretch). Now, having finished with that, I need to logout or the next person who comes in will be able to use my login to access the cvs repository. Please tell me how I can do what I described above given that there is no cvs logout (without telling me that I shouldn't want to do it in the first place).
Please reconsider this issue per my above comment.
My suggestion for secure repository access is to use SSH. For :pserver:, does it mean that your group shares OS account? It yes, then I suggest following workaround. Start with -J-Dcvs.passfile=C:\my\private\.cvspass property and after finishing work delete C:\my\private\.cvspass file. Else you can setup OS level permisions for .cvspass file. Does it suit your needs? REOPEN with details if necessary. Thank you
No, this simply misses the point. Let me try to boil this down: 1) :pserver: is a supported mode for cvs projects; it is used by *many* sites, including java.net. It isn't going away, and it isn't a helpful suggestion to tell users to use something else. 2) Regardless of what you think about the underlying security, *any* system that stores passwords, whether in encrypted/obfuscated form or not, and doesn't provide a way to clear those stored passwords is dimishing the security of that system in an unacceptable manner. Period. Telling users to go delete a file manually after exiting your tool is not a solution.
This functionality is missing now but there is a simple workaround. *** This issue has been marked as a duplicate of 58115 ***
This is not a duplicate of 58115. This bug concerns the inability to log out of CVS and have the saved CVS password removed from the IDE backing store. This is not a request to allow passwords to be changed.
The IDE has no backing store. We just do not have GUI for erasing ~/.cvspass entries. *** This issue has been marked as a duplicate of 58115 ***