CVS/SSH level of security using perforce ?

[RobChandhokchandhok at within.com]

At 9:23 AM -0700 6/4/98, Scott Blachowicz wrote:
>I would think so.  Wouldn't it make more sense to have the password for a user
>be in their 'p4 user' form?

I think that's a *bad* idea.  The password should be local to the clients
machine.  The whole point is to restrict ALL access to people without a
password.

At 9:29 AM -0700 6/4/98, Nick Triantos wrote:
>I'd like to add in my $0.02 that for Windows GUI users, if password support
>of some sort is added (I too hope it is), it'd be nice to have the GUI
>remember the password and just re-send it whenever necessary.  That way,
>GUI users could launch the GUI and just use it, without having to
>re-authenticate each time they perform an action of some sort.

Obviously the software should support an environment variable (or
something) for the password/secret so you don't have to type it all the
time.

The main point is that you can make policy decisions about
passwords/secrets that make as secure as the physical machines.  As it
stands, you can't require any authentication and that's bad.  I'm sure
Perforce loses sales because of this.

We've thought about offering "perforce hosting" for small developers
similar to web hosting services.  That's much harder to think about without
some kind of authentication in p4.

Rob