#native_company# #native_desc#
#native_cta#

The Power of CVS Page 2

By Tim Perdue
on July 30, 2000

CVS inherently communicates using clear text, even when sending your password. If you’re the type of developer
who has deactivated telnet and ftp and POP mail because of that, you won’t be satisfied with the security
that CVS offers on the server side. One approach (the one I took), is to create a file called passwd in
your $CVSROOT/CVSROOT directory. That file can contain a username/encrypted password combination similar
to /etc/passwd. The username in
that file should be a user that does not exist on your machine. If someone were to intercept the clear-text
password, they could not telnet to your box. However they could commit junk code to your CVS tree and make life
generally miserable. There are ways to incorporate secure communication with CVS, but it looked like a hassle
and I avoided it. The best policy is frequent, offsite-backups that are kept eternally (my personal policy).
For more info, check here.
So your CVS tree is initialized and you are using a passwd file. Now you should login to CVS. Since my CVS
server is a different box than the one I’m on, I need to use a long, drawn-out -d option to specify the
server:

[tperdue@db columns] $ cvs -d :pserver:[email protected]:/fireball/cvs login

OK, you’re logged in. CVS just stored your password in an easily-hacked file in your home directory.
All of my existing code was stored on my sexy little VAIO laptop, so I had to import it.

[tperdue@db columns] $ cd ..

[tperdue@db www.phpbuilder.com] $ cvs -d :pserver:[email protected]:/fireball/cvs import -m "start" www.phpbuilder.com x a

The -m option attaches a message (“start”). www.phpbuilder.com is the directory to create under the CVSROOT. “x” is a
“vendor tag”, which is required here, but not referenced. “a” is the release version.
That command imported everything that fell beneath my www.phpbuilder.com directory (everything on this site) into the
tree.