From c1fae03af724e1baf8be71e06e7d181a8ce97241 Mon Sep 17 00:00:00 2001
From: "dmose%mozilla.org"
Date: Wed, 29 Mar 2000 22:15:15 +0000
Subject: [PATCH] Fixed a security hole: .cvspass was in the webtree, and thus readable via the server.
---
 webtools/despot/syncit.pl | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/webtools/despot/syncit.pl b/webtools/despot/syncit.pl
index 79c4e07f7af..68d6ed1c1fd 100755
--- a/webtools/despot/syncit.pl
+++ b/webtools/despot/syncit.pl
@@ -29,7 +29,13 @@ $perlbin = "/tools/ns/bin/perl5.004";
 #$cvs = "/usr/bin/cvs";
 #$whoami = "/usr/bin/whoami";
 #$perlbin = "/usr/bin/perl";
+
+#$curdir = `pwd`;
+#chop($curdir);
+#$ENV{"CVS_PASSFILE"} = "$curdir/.cvspass";
+$ENV{"CVS_PASSFILE"} = "/usr/local/etc/despot-cvspass";
+
 $dontcommit = 0;
 $usertoblame = "";
@@ -70,10 +76,6 @@ if (open(HOST, "/bin/hostname|")) {
 $ENV{"HOME"} = glob("~$mylogin"); # CVS wants this.
-$curdir = `pwd`;
-chop($curdir);
-$ENV{"CVS_PASSFILE"} = "$curdir/.cvspass";
-
 if ($usertoblame eq "") {
 $usertoblame = $mylogin;
 }
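Review bot: The three commented-out lines kept above the new `$ENV{"CVS_PASSFILE"}` assignment in the first hunk still spell out the `$curdir/.cvspass` setup, and they sit right under a run of commented per-host alternatives, so they read as an option someone may re-enable. I would delete them and leave the reason instead, e.g. `# Keep CVS_PASSFILE outside the web tree; a .cvspass beside this script was readable via the server.` The new path is also used without any check, and a .cvspass file holds the password only lightly scrambled, so a guard before the first cvs call (not visible in this hunk) would help: `@st = stat($ENV{"CVS_PASSFILE"}); die "CVS_PASSFILE missing or not private\n" if !@st || ($st[2] & 077);`. That assumes the file is owned by the account the script runs as; the password that was reachable at the old location should presumably be changed as well, since moving the file does not undo the exposure.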