[p4] Looking for a security suggestion
alex.pavloff@l-3com.com
Wed Oct 17 11:42:24 PDT 2007
Write a web application that reads a subset of the depot, converts the
text to a graphics file, adds random speckles and noise to the image to
prevent OCRing, and put that on the screen.
-Alex
-----Original Message-----
From: perforce-user-bounces at perforce.com
[mailto:perforce-user-bounces at perforce.com] On Behalf Of Ivey, William
Sent: Monday, October 15, 2007 8:33 AM
To: perforce-user at perforce.com
Subject: Re: [p4] Looking for a security suggestion
> Either you trust them or you don't.
I get the feeling the manager who's asking for this doesn't
fully trust them, or doesn't trust that they can keep their
end of the connection secure, which is more likely.
> It would do little to prevent copying.
Frankly, I thought it was kind of dumb for them to even
ask the question, but maybe they thought I had some kind
of magic.
I'm thinking the best we can do is limit these users' need
or desire to have more than a few files sitting on their
system. (If it is a laptop, I just assume it will be stolen
at some point.)
-Wm
-----Original Message-----
From: Chuck Karish [mailto:chuck.karish at gmail.com]
Sent: Sunday, October 14, 2007 10:00 AM
On 10/13/07, Ivey, William <william_ivey at bmc.com> wrote:
> The question I was just asked was "Can we give support people access
> to the repository and still keep it secure?"
This one's easy: No. Either you trust them or you don't.
> Other details I've been able to glean:
> Access might be from outside the firewall
> Maybe via https
>
> And I was asked if they can view the source code would they also be
> able to copy it (in other words, can we limit them to viewing only).
If they can read the code, how will you stop them from writing
it on a piece of paper?
> My reaction to that last is that if they can view it in any way, they
> can potentially copy it. We could, at best, make it inconvenient.
And at the same time make it inconvenient for them to do their
jobs.
> I said I would ask here if anyone had a good security model for such
> a situation. Anyone have any? Thanks.
>
> My own notion is they would be better off with an auto-synced
> directory on a unix machine. We can control logins, audit it, and
> shut it down immediately, if we have to, without affecting Perforce.
And deliver the content using a Web server? That would be good
for usability and for access control. It would do little to prevent
copying.
Chuck
--
Chuck Karish karish at well.com (415) 317-0182