[p4] Storing Confidential Files in Perforce

Chuck Karish chuck.karish at gmail.com
Sat Mar 19 10:55:28 PST 2005


On Fri, 18 Mar 2005 11:42:27 +0000, Simon Marr <Simon.Marr at ul.ie> wrote:
> If the data is encrypted in the server store, Perforce user protection
> is used and the client workspace is on an encrypted filesystem as well
> then I was thinking this would be sufficient.
>
> I will look into SSH server though.

If you set things up so that the ONLY way to access your Perforce
server is through SSH tunnels you'll have a system that isn't
totally silly.  The data will still be protected from other users who
have legitimate access to Peforce only by the native Perforce
protection mechanism.  If an administrator makes a configuration
mistake everything can be exposed.

If you really care about protecting the data, transfer it and store it
in encrypted form whenever it leaves the end user's workstation.
This requires use of end-user software that does encryption.
The big advantage is that the end users are the ones who maintain
trust relationships wwith each other.

If I were the Perforce administrator who was asked to implement
the server conffigurationyoudescribe I'd insist that someone with
direct authority and responsibility for corporate security own the
protect table.

-- 
Chuck Karish   karish at well.com   (415) 317-0182



More information about the perforce-user mailing list