Access Control and Security
The Perforce server stores file content in a master repository that, when properly installed, is inaccessible to users. User access to files is controlled by one or more Perforce superusers. A range of file access protection levels can be granted. Protections can be set for repository file paths, users, groups, and IP address subnets. The server can maintain an audit log of client access events for SOX and other compliance requirements.
User authentication is controlled by the Perforce system administrator. Password strength is configurable; ticket-based authentication can be configured as well. Triggers (custom scripts or programs that run at predefined events) can be set on many but not all Perforce user commands and used to extend user authentication (with LDAP or SSO, for example), to block or allow user commands, and to constrain or normalize file modifications. Triggers are run by the Perforce server and do not have access to client machines or workspaces.
Perforce, like most version control systems, does not encrypt file content in the master repository or on user machines. Perforce versions prior to 2012.1 cannot encrypt file content sent over the network. A tunneling protocol (like VPN or SSH) must be used to secure network transfers with those versions.
The Perforce client completely trusts the server, including writing arbitrary files anywhere in the local filesystem, and therefore running arbitrary code from the server. That means the server has complete control over the client user's account, including reading and writing and sending all non-source code files of the user. In environments where the Perforce server is managed by a third party, this poses a significant threat to the client's security and privacy.
Read more about this topic: Perforce
Famous quotes containing the words access, control and/or security:
“In the greatest confusion there is still an open channel to the soul. It may be difficult to find because by midlife it is overgrown, and some of the wildest thickets that surround it grow out of what we describe as our education. But the channel is always there, and it is our business to keep it open, to have access to the deepest part of ourselves.”
—Saul Bellow (b. 1915)
“The poets were not alone in sanctioning myths, for long before the poets the states and the lawmakers had sanctioned them as a useful expedient.... They needed to control the people by superstitious fears, and these cannot be aroused without myths and marvels.”
—Strabo (c. 58 B.C.c. 24 A.D., Greek geographer. Geographia, bk. 1, sct. 2, subsct. 8.
“The contention that a standing army and navy is the best security of peace is about as logical as the claim that the most peaceful citizen is he who goes about heavily armed. The experience of every-day life fully proves that the armed individual is invariably anxious to try his strength. The same is historically true of governments. Really peaceful countries do not waste life and energy in war preparations, with the result that peace is maintained.”
—Emma Goldman (18691940)