I would like to have your opinion about the subject "version control", but focusing on security.

Some common features:

  • allowing access to source code using clients only (no way to access the source code on the server directly)

  • granting permission to access only the source code which I am allowed to modify (i.e., a developer should be able to access the source code related to his project only). So it should be possible to create user groups and grant different levels of access.

  • tracking modifications, check-ins, and check-outs and the developers who made them...

  • ...and, surely, I am forgetting something.

Which are the most "paranoid" version control systems that you know? Which features do they implement?

My aim is creating an environment for developing applications managing sensitive data: credit cards, passwords, and so on... A malicious developer may insert a backdoor or intentionally alter some security features. So the access to the source code should be controlled strictly. I must confess that my knowledge of version control systems is poor, so, I fear, customizing SVN could be a hard task for me.

Thanks

+1  A: 

I know that the ones you want are not the ones you want. For example, Clearcase or Serena Dimensions can do all the above... but you'd be bonkers to want to use them. (Ah, I hear you say, I'm the admin so I don't have to take that pain. Well, these also require lots of care and attention - we had 8 Clearcase admins at the last company I worked for. You don't want the nightmare of continually helping users with them.)

So. You can have the horrible ones, or you could just use the friendly, easy-to-use SVN and implement your own checkout-tracking (using http transport and Apache logs), and slap access control permissions on every directory. You'd also have to secure the end-repository on disc, but you have to do this with every SCM, even something like Dimensions stores its database in Oracle - if you had access to Oracle instance, you could fiddle with the saved bits, so you have to secure that anyway.

gbjbaanb
In Clearcase, you can't control vob-level mounting and reading (that's a major issue at my workplace). Version...8? 7.1? will introduce that.
Paul Nathan
@Paul, agreed. Clearcase has very limited control over access. Not just vob-level mounting, but it's very hard to control what users can see within a vob; generally you have to use unix groups, which are notoriously limited and difficult to enforce.
Rob Napier
+1  A: 

Perforce is widely used in the Finance Industry where security of code is sometimes an issue.

You can set up gatekeepers and access controls to restrict visibility of code and produce audit trails for various activities for SOX compliance.

Robert Christie
Agreed. While I'm not a big fan of Perforce, it's the only one I've used that can do most of these things. Clearcase lacks the granularity, and most opensource tools (cvs, svn, hg, git) are weak around it because they focus on opensource projects. For good audit functions and granular access control, I'd definitely go with p4, much as it drives me crazy as a user.
Rob Napier
@Rob Napier: I agree - given the choice, I'd go with an open source distributed version control system. But if the main requirements are audit-ability and security, Perforce is what I'd recommend. Of course, I would happily switch if hg, git or Bazaar get the equivalent functionality!
Robert Christie
+1  A: 

Perforce has those features and is a really good product imho.

klausbyskov
Really? We used to use p4 at work and had to deal with slow repositories, sluggish response during checkpointing, poor integration tracking etc. I feel that it depends too much on the power of the machine that's hosting the server since it does almost everything there.
Noufal Ibrahim
+1  A: 

GitHub is a wrapper for git which provides these features for a git server. Compared to raw git servers, it notably includes access control, and it also has useful web interfaces to the code for authorised users.

Alex Brown
+1  A: 

Use a well-known, industry standard system like subversion. It can control access to individual projects very simply, and using the web server authz configuration can control individual access to specific files in each project.

The only non-standard issue is logging check-outs. But the web server can easily log this information for you.

Your users will thank you.

John
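Added example, not part of any answer above: a small Python model of how Subversion's path-based authz file resolves access, useful for checking that a developer on one project cannot read another before deploying the rules. The authz contents, user names and paths are constructed, and the evaluator is a simplification (most specific path wins, matching lines within a section are combined) that ignores repository-prefixed sections, aliases and negated entries.

```python
import configparser

# Constructed sample authz file (not from the original page).
AUTHZ = """
[groups]
payments_devs = alice, bob
portal_devs = carol
auditors = dave

[/]
* =
@auditors = r

[/payments]
@payments_devs = rw

[/payments/crypto]
@payments_devs = r
alice = rw

[/portal]
@portal_devs = rw
"""

def load(text):
    """Parse the authz text into (groups, per-path rules)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(text)
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cp["groups"].items()}
    rules = {s.rstrip("/") or "/": dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, rules

def access(groups, rules, user, path):
    """Return '', 'r' or 'rw': walk from the path up to '/' and stop at the
    first section that mentions the user directly, via a group, or via '*'."""
    path = "/" + path.strip("/")
    while True:
        granted, matched = set(), False
        for who, perm in rules.get(path, {}).items():
            in_group = who.startswith("@") and user in groups.get(who[1:], ())
            if who in ("*", user) or in_group:
                matched = True
                granted |= set(perm.strip())  # combine all matching lines
        if matched:
            return "".join(c for c in "rw" if c in granted)
        if path == "/":
            return ""  # no rule anywhere: deny
        path = path.rsplit("/", 1)[0] or "/"
```

The `* =` line under `[/]` is what makes the layout deny-by-default: without it, a user who matches no section at all would still end up denied here, but an accidental `* = r` at the root would expose every project to every authenticated user.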