[p4] password encyrption
Adam Breashears
ABreashears at nyse.com
Thu Oct 5 15:21:38 PDT 2006
Of particular concern here is who can move code between 'staging' areas
for different levels of the release cycle, and most importantly -
production.
So source files in clear text isn't so much an issue (and changing our
internal culture on file submission would be a different battle) as to
which users can sync to where (since production points to a particular
source).
The benefit to built in encryption is the 'Lowest Common Denominator'
theory of user behavior. :)
Excellent links!
-----Original Message-----
From: Weintraub, David [mailto:david.weintraub at bofasecurities.com]
Sent: Thursday, October 05, 2006 5:00 PM
To: Adam Breashears; perforce-user at perforce.com
Subject: RE: [p4] password encyrption
Even if Perforce encrypted its passwords, there would be security
concerns because the source files themselves would still be cleartext.
If you are doing external development (or even internal development),
you can use Perforce via SSH and that will not only encrypt and secure
the passwords, but also all transmissions between the client and server.
See <http://www.perforce.com/perforce/wan.html> and Tech Note #22
<http://www.perforce.com/perforce/technotes/note022.html>.
I've seen a lot of packages that "encrypt" their data only to later
discover that the encryption is done very poorly. I would rather have
the software company admin that their software isn't encrypted and tell
me how to use it with ssh or https rather than the company pretend that
the software is secure.
-----Original Message-----
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of Adam Breashears
Sent: Thursday, October 05, 2006 4:06 PM
To: perforce-user at perforce.com
Subject: [p4] password encyrption
Hello
We're attempting a perforce implementation to help with some sensitive
areas and we're getting negative feedback about perforce because it
sends passwords in clear text.
I've talked to support and apparently password encryption is an 8 year
old request with many customers requesting it, but I was wondering how
some of you have handled this interally?
************************************************************************
*****
Note: The information contained in this message and any attachment to
it is privileged, confidential and protected from disclosure. If the
reader of this message is not the intended recipient, or an employee or
agent responsible for delivering this message to the intended recipient,
you are hereby notified that any dissemination, distribution or copying
of this communication is strictly prohibited. If you have received this
communication in error, please notify the sender immediately by replying
to the message, and please delete it from your system. Thank you. NYSE
Group.
_______________________________________________
perforce-user mailing list - perforce-user at perforce.com
http://maillist.perforce.com/mailman/listinfo/perforce-user
*****************************************************************************
Note: The information contained in this message and any attachment to it is privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to the message, and please delete it from your system. Thank you. NYSE Group.
More information about the perforce-user
mailing list