[p4] Looking for a security suggestion

Tetrick, Cary ctetrick at midway.com
Mon Oct 15 10:06:44 PDT 2007


In regard to copying, the only suggestion I could make would be to
severely limit which source they can view, such that it would require a
significant effort for them to make real use of it.

It's hard to understand what sort of "support people" would need to see
source unless they have to modify and build it. 
But I did have one such case - and here was my solution - 

We wanted to outsource the localization of a game. Because of some of
the code issues, there would be certain areas of code they would have
needed to modify, as well as the content. 
My solution was to modify the build process so that most source was
replaced with dummy files, and when the build process hit one, it simply
copied the obj files to be linked. This way, they could recreate the
build, but didn't have access to critical code.

Cary

-----Original Message-----
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of Ivey, William
Sent: Monday, October 15, 2007 10:33 AM
To: perforce-user at perforce.com
Subject: Re: [p4] Looking for a security suggestion



> Either you trust them or you don't.

I get the feeling the manager who's asking for this doesn't
fully trust them, or doesn't trust that they can keep their
end of the connection secure, which is more likely.

> It would do little to prevent copying.

Frankly, I thought it was kind of dumb for them to even
ask the question, but maybe they thought I had some kind
of magic.

I'm thinking the best we can do is limit these users' need
or desire to have more than a few files sitting on their
system. (If it is a laptop, I just assume it will be stolen
at some point.)

-Wm


-----Original Message-----
From: Chuck Karish [mailto:chuck.karish at gmail.com] 
Sent: Sunday, October 14, 2007 10:00 AM

On 10/13/07, Ivey, William <william_ivey at bmc.com> wrote:
> The question I was just asked was "Can we give support people access
> to the repository and still keep it secure?"

This one's easy: No.  Either you trust them or you don't.

> Other details I've been able to glean:
>     Access might be from outside the firewall
>     Maybe via https
>
> And I was asked if they can view the source code would they also be
> able to copy it (in other words, can we limit them to viewing only).

If they can read the code, how will you stop them from writing
it on a piece of paper?

> My reaction to that last is that if they can view it in any way, they
> can potentially copy it. We could, at best, make it inconvenient.

And at the same time make it inconvenient for them to do their
jobs.

> I said I would ask here if anyone had a good security model for such
> a situation. Anyone have any? Thanks.
>
> My own notion is they would be better off with an auto-synced
> directory on a unix machine. We can control logins, audit it, and
> shut it down immediately, if we have to, without affecting Perforce.

And deliver the content using a Web server?  That would be good
for usability and for access control.  It would do little to prevent
copying.

  Chuck

-- 
Chuck Karish   karish at well.com   (415) 317-0182

_______________________________________________
perforce-user mailing list  -  perforce-user at perforce.com
http://maillist.perforce.com/mailman/listinfo/perforce-user
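
The build-side substitution Cary describes at the top of this message, as an added example (not code from the thread or from Perforce): a packaging step ships only an allow-listed set of sources, stubs the rest and includes their prebuilt objects, and a vendor-side step decides per file whether to compile or copy. The function names, stub marker, directory layout and sample files are assumptions.

```python
# Hypothetical names and layout; the sample project in demo() is constructed.
import shutil, tempfile
from pathlib import Path

STUB = "/* source withheld: link the prebuilt object instead */\n"  # constructed marker

def make_vendor_tree(src_root, obj_root, out_root, allowed):
    """Copy allowed sources verbatim; stub every other .c file and ship its .o."""
    src_root, obj_root, out_root = Path(src_root), Path(obj_root), Path(out_root)
    withheld = []
    for src in sorted(src_root.rglob("*.c")):
        rel = src.relative_to(src_root)
        dest = out_root / "src" / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        if rel.as_posix() in allowed:
            shutil.copy2(src, dest)
            continue
        obj = obj_root / rel.with_suffix(".o")
        if not obj.is_file():
            # Fail closed: never fall back to shipping the real source.
            raise FileNotFoundError(f"no prebuilt object for withheld {rel}")
        dest.write_text(STUB)
        prebuilt = out_root / "prebuilt" / rel.with_suffix(".o")
        prebuilt.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(obj, prebuilt)
        withheld.append(rel.as_posix())
    return withheld

def plan_build(tree_root):
    """Vendor-side build step: compile real sources, copy objects for stubs."""
    src_dir = Path(tree_root) / "src"
    return {
        p.relative_to(src_dir).as_posix():
            "copy-prebuilt" if p.read_text(errors="replace") == STUB else "compile"
        for p in sorted(src_dir.rglob("*.c"))
    }

def demo():
    """Run both steps over a constructed three-file project."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        for name in ("loc/strings.c", "engine/render.c", "engine/drm.c"):
            (tmp / "src" / name).parent.mkdir(parents=True, exist_ok=True)
            (tmp / "src" / name).write_text(f"/* real code for {name} */\n")
            (tmp / "obj" / name).parent.mkdir(parents=True, exist_ok=True)
            (tmp / "obj" / name).with_suffix(".o").write_bytes(b"\x7fELF-constructed")
        withheld = make_vendor_tree(tmp / "src", tmp / "obj", tmp / "vendor", {"loc/strings.c"})
        leaked = [p for p in (tmp / "vendor").rglob("*.c") if "real code" in p.read_text() and p.name != "strings.c"]
        return withheld, plan_build(tmp / "vendor"), leaked
```

Object files can still be disassembled, so this raises the effort needed to recover the withheld code rather than removing the possibility.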