[p4] P4 reopen with security level 3

Jeff A. Bowles jab at pobox.com
Mon Mar 10 19:02:34 PDT 2008


I would make sure that the field named "Host:" is set to a non-empty  
value in the workspace, which prevents someone from using their  
machine to masquerade as your workspace's machine. (It is the default  
for new workspaces - default is that it's filled in with the machine  
name of the creating machine.)

If this is much of a problem, I'd consider putting a bit of  
restriction on workspace spec changes (triggers that insist on  
Hostname set or perhaps something more elaborate) and changes to the  
Host: field, or perhaps I'd buy the coworker's kid a toy drum for his  
next birthday.

    -Jeff Bowles
    Perforce Consulting Partner / Certified Trainer


On Mar 10, 2008, at 3:46 PM, Looney, James B (N-ULA) wrote:

> I haven't completely checked this out, but it got my attention when  
> one
> of my coworkers 'stole' a file from me.  He used p4 reopen, and it was
> reopened in his name.  Am I missing something in believing that with
> security in place (level 3), that this should not be allowed to  
> happen?
>
> To make sure the question's clear:
> user1: p4 edit file.cpp
> 	file.cpp - opened for edit
>
> user2: p4 opened
> 	file.cpp edit default change (text) by jlooney at clientName
> user2: p4 reopen file.cpp
> user2: p4 opened
> 	file.cpp - edit default change
>
> It seems to me as though this violates part of why we have to login as
> individual users.  Unless this has something to do with user1 and  
> user2
> being in the same group or having access to the same files?
>
> Thanks,
> -James
> _______________________________________________
> perforce-user mailing list  -  perforce-user at perforce.com
> http://maillist.perforce.com/mailman/listinfo/perforce-user



More information about the perforce-user mailing list