[p4] Storing Confidential Files in Perforce
jgrills at soe.sony.com
Sat Mar 19 21:02:36 PST 2005
We run a server with the depot files on an encrypted file system, and
the clients are required to sync to an encrypted location as well, but
we have no way to actually enforce the client encryption part. We left
the DB files on a normal file system, assuming the file names weren't
sensitive. We've also set the security level to the highest level,
requiring the use of "p4 login" and tickets. You could set the ticket
time lower than the default for some added security as well. SSH, as
some people have suggested, is a good idea, although not one we use as
the server is on a secure subnet not connected to any other networks.
You should be very careful with the protection table. It's best to put
the most sensitive stuff at the bottom so that you don't accidentally
write a rule that gives permission to files you didn't intend. Use the
IP restrictions if they make sense as well.
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of Simon Marr
Sent: Friday, March 18, 2005 3:45 AM
To: perforce-user at perforce.com
Subject: [p4] Storing Confidential Files in Perforce
Hi Newbie here!
I'm interested to know what additional security measures others may have
taken when storing confidential material in the perforce depot?
Passwords are all too easy to crack and I wondered if anyone had used a
file encryption method such as mounting an encrypted disk image to store
the depot? If so, what were the issues and were there any implications
for the server daemon process and client workspace?
Come to the 2005 Perforce User Conference, April 14 & 15 in Las Vegas.
Learn more: http://www.perforce.com/conf
perforce-user mailing list - perforce-user at perforce.com
More information about the perforce-user