[p4] Looking for a security suggestion

[Stephen Vance]

There are lots of ways to lock down a Perforce server. Yes, if they can 
view it they can copy it. If they can only view it a page/file at a 
time, then they have a slower task ahead of them. If you can control the 
Web interface (e.g. P4DB instead of P4Web), you can instrument it the 
way they do in the porn industry to prevent copying. It's not 
fool-proof, but it certainly raises the bar on who can steal content. 
Since they have money and motive, they tend to set the standard on that 
kind of thing.

Anyway, there are too many options to detail without knowing the 
requirements better. Categorically, there are: protection table by user, 
group, and I/P, things to allow part of the security to be governed by 
the network, things to allow part of the security to be governed by the 
OS, and things to handle the security through your own layers.

Steve

Ivey, William wrote:
> The question I was just asked was "Can we give support people access
> to the repository and still keep it secure?"
>  
> Other details I've been able to glean:
>     Access might be from outside the firewall
>     Maybe via https
>  
> And I was asked if they can view the source code would they also be
> able to copy it (in other words, can we limit them to viewing only). 
> My reaction to that last is that if they can view it in any way, they
> can potentially copy it it. We could, at best, make it inconvenient.
>  
> I said I would ask here if anyone had a good security model for such
> a situation. Anyone have any? Thanks.
>  
> My own notion is they would be better off with an auto-synced
> directory on a unix machine. We can control logins, audit it, and
> shut it down immediately, if we have to, without affecting Perforce.
>  
> -Wm
>  
>  
>
> _______________________________________________
> perforce-user mailing list  -  perforce-user at perforce.com
> http://maillist.perforce.com/mailman/listinfo/perforce-user
>
>   

-- 
Stephen Vance
www.vance.com