24 messages in com.perforce.perforce-user[p4] Restrictive Depot Access
Subject: [p4] Restrictive Depot Access
From: Robert Cowham (rob@vaccaperna.co.uk)
Date: 03/16/2001 03:05:17 AM
List: com.perforce.perforce-user

No, you've hit the nail on the head. Obviously you can control access to your .login or whatever using the file system, otherwise as you say it is trivial to copy the value (cleartext or "encrypted"), but Perforce's security model is not that secure.

My understanding is that it fits the general philosophy - Perforce isn't and does not aim to be a ClearCase type of environment where everything can be controlled to the Nth degree. Also, the security in its current form is "good enough" for the majority of customers (unless you know different....). Perhaps as the product matures, they will give more thought to this area - one issue no doubt is the difficulty of supporting something more secure on all the platforms that Perforce runs on. On a personal note, I generally find you have better results from trusting colleagues too much than not enough - so the current level of security is usually OK.

One guideline for Windows users in particular is to never use p4 passwd to set the password because it stores it in the registry which can then be viewed by other users if they have access to the PC (particularly vulnerable if you are on win95/98). Instead they should manually enter the password (p4win prompts for it when you start up or switch users which is nice) in the environment. Obviously Unix users can do this too - just set the environment variable by hand when you log on - a bit of a pain and still vulnerable if someone else can look at your environment.

In this case the password would be set by editing the profile in p4 user.

The problem with using a single P4CONFIG file (however well controlled) to store it, is that you then can't use P4CONFIG for switching between different projects/client workspaces in different directories which is what P4CONFIG is so useful for (and indeed intended).

As a minor aside, it would be nice if Perforce at least gave a switch to p4 passwd which printed the hashed version that could be cut and pasted into an environment variable - a slightly safer thing to have around as previously mentioned.

Robert

-----Original Message-----
From: perforce-user-admin at perforce.com [mailto:perforce-user-admin at perforce.com] On Behalf Of mju at panasas.com
Sent: Friday, March 16, 2001 05:12
To: perforce-user at perforce.com
Subject: RE: [p4] Restrictive Depot Access

Er, maybe I've missed something here, but in order to use passwords you need to set P4PASSWD to your cleartext password. This means that all of the users are going to put that in their .login or .profile. So, if I can discover someone's Perforce password by trivially looking at their dotfiles, why should I even bother with passwords?

Even if you use the trick that another responder mentioned (grabbing the hashed value from NT and setting P4PASSWD to that), that is no better, since that string is equivalent to the password and can just be cut-and-pasted.

Perforce won't have real security until the stupid P4PASSWD thing is ripped out and replaced with something that's actually secure, like Kerberos. How about it, Perforce? I know you've been talking about doing that for a while, but I haven't seen any action...
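As an added example (not code from this thread or from Perforce), the following POSIX shell audit looks for the "P4PASSWD in the dotfile" situation described above: it scans the given start-up and P4CONFIG files for P4PASSWD assignments and flags those readable by other users. The file names and contents in the demo function are constructed for illustration.

```shell
#!/bin/sh
# Audit shell start-up files and P4CONFIG files for P4PASSWD assignments.
# Returns 1 when at least one assignment sits in a group- or world-readable
# file, 0 otherwise. Findings are printed one per line.
p4passwd_audit() {
    found_readable=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # sh/ksh style "P4PASSWD=..." (optionally exported) or csh "setenv P4PASSWD ..."
        if grep -Eq '^[[:space:]]*(export[[:space:]]+)?P4PASSWD=|^[[:space:]]*setenv[[:space:]]+P4PASSWD[[:space:]]' "$f"; then
            mode=$(ls -ld "$f" | cut -c1-10)      # e.g. -rw-r--r--
            case "$mode" in
                ????r*|???????r*)                 # group (char 5) or other (char 8) read bit set
                    echo "WARNING: $f stores P4PASSWD and is readable by others ($mode)"
                    found_readable=1 ;;
                *)
                    echo "NOTE: $f stores P4PASSWD (private file; still recoverable by root or from backups)" ;;
            esac
        fi
    done
    return $found_readable
}

# Demo on constructed files in a scratch directory; returns the audit's exit status.
p4passwd_audit_demo() {
    d=$(mktemp -d) || return 2
    printf 'export P4PASSWD=s3cret\n' > "$d/.profile"   # constructed: cleartext, world-readable
    chmod 644 "$d/.profile"
    printf 'setenv P4PASSWD s3cret\n' > "$d/.login"     # constructed: csh style, private file
    chmod 600 "$d/.login"
    printf 'P4CLIENT=proj-ws\nP4PORT=perforce:1666\n' > "$d/.p4config"   # constructed: no password
    chmod 644 "$d/.p4config"
    p4passwd_audit "$d/.profile" "$d/.login" "$d/.p4config"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Run it as `p4passwd_audit ~/.profile ~/.login ~/.cshrc $(find ~ -name .p4config)` to check your own account; a non-zero exit means a password is exposed to other local users.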