Re[4]: Microsoft Visual SourceSafe

Yep, our developers are the same. I am the only one with "Destroy" privileges in the system.

The network shares in SourceSafe are a real problem though. All users must have "Write Access" to the network share, in which case they can then delete the entire SourceSafe database, even if in SourceSafe they do not have the "Delete" or "Destroy" privilege.

Quoting from the Microsoft KB Article KB812483, titled "How to Lock Down a Visual SourceSafe Database":

Locking down the database does not provide the following:
- Project-level security. You can use the VSS Administrator program to set rights and assignments for specific VSS projects or individual VSS users but all VSS users must be granted the same permissions for the Windows folders. Therefore, all VSS users, regardless of their project-level rights as specified using the VSS Administrator program, can access the shared folders and have full control over all VSS data but not the files that control and administer the program and database. Do not use the shared database to store files that contain sensitive information, for example, payroll information or legal documents.
- Read-only VSS users. If you want to limit certain VSS users to only be able to read files in the VSS database, it is recommended that you do not make those people VSS users but instead create a shadow folder and give them access to it.

There is a classic diagram in the same KB Article. In the document called "Introduction to Visual SourceSafe Security", look on page 2 under the heading "Securing the Database and Managing the Users". My favourite part is the sentence that reads "Do not rely on VSS to secure your data: even read-only VSS users can delete a VSS database from a shared network folder to which they have access". Immediately below this text is a lovely picture showing how you bypass VSS security, and it is laughable that this picture is included in a document supposedly about Security.

Paul



*********** ORIGINAL MESSAGE ***********

On 7/09/2005 at 8:36 AM Edwards Ed wrote:

We use SourceSafe version 6.0 and I am the "Admin". However, the
SourceSafe database is on a network drive where only the "developers -
hehe" can access it and they only have "read" rights. We have had
"developers" that have tried to delete procedures, functions, etc and they
said: "We can delete anything. We have to come to you!". Hehe!



-----Original Message-----
From: Paul Murgatroyd
[mailto:oracledba-ezmlmshield-x91045207.[Email address protected]
Sent: Wednesday, September 07, 2005 8:26 AM
To: LazyDBA Discussion
Subject: Re[2]: Microsoft Visual SourceSafe


We have SourceSafe as well, and I was tasked with the Admin of this beast.

SourceSafe is not a secure system, and believe it or not, even a user who
has "read only" access in SourceSafe can actually still delete the entire
SourceSafe database via the backend!

Still, it is better than having nothing!

Cheers,

Paul

*********** ORIGINAL MESSAGE ***********

On 6/09/2005 at 9:59 AM Patterson Joel wrote:

Yeah, we have it and it sucks. (but that's just a personal opinion).

I can't say I know all about it as we have no 'administrator', it's
basically a free for all, i.e. developers check in and out code, and
DBAs pull and install.

For security purposes, maybe if implemented properly it would work, but
it does not 'branch' like PVCS.




--------
website: http://www.LazyDBA.com
Please don't reply to RTFM questions
Oracle documentation is here: http://tahiti.oracle.com
To unsubscribe: see http://www.lazydba.com/unsubscribe.html
To subscribe: see http://www.lazydba.com
By using this list you agree to these
terms:http://www.lazydba.com/legal.html
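
The KB passage quoted in the top message says every VSS user gets the same Windows folder permissions regardless of rights set in VSS Administrator. The following PowerShell audit is an added example, not part of the thread or of Microsoft's KB article: it lists which principals hold write or delete rights on the database folder and its immediate subfolders. `$DbPath` is a hypothetical placeholder for your own database location.

```powershell
# Added example: report NTFS ACL entries that allow overwriting or deleting
# files under a Visual SourceSafe database folder.
# Assumption: $DbPath is a placeholder; pass the real UNC or local path.
param([string]$DbPath = '\\fileserver\vss')

$fsr = [System.Security.AccessControl.FileSystemRights]

# Specific bits that permit removing or overwriting data.
# Modify and FullControl contain these bits; Read and ReadAndExecute do not.
$mask = [int]($fsr::Delete -bor $fsr::DeleteSubdirectoriesAndFiles -bor
              $fsr::WriteData -bor $fsr::AppendData)

# Inherit-only ACEs can carry raw generic rights instead of specific bits:
# 0x10000000 = GENERIC_ALL, 0x40000000 = GENERIC_WRITE.
$mask = $mask -bor 0x10000000 -bor 0x40000000

# Check the database root plus its first-level subfolders.
$folders = @(Get-Item -LiteralPath $DbPath) +
           @(Get-ChildItem -LiteralPath $DbPath -Directory)

$findings = foreach ($folder in $folders) {
    foreach ($rule in (Get-Acl -LiteralPath $folder.FullName).Access) {
        $isAllow = $rule.AccessControlType -eq 'Allow'
        $canDestroy = (([int]$rule.FileSystemRights) -band $mask) -ne 0
        if ($isAllow -and $canDestroy) {
            [pscustomobject]@{
                Folder    = $folder.FullName
                Principal = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Every principal listed here can damage the database from the file system,
# whatever rights VSS Administrator shows for that user.
$findings | Sort-Object Folder, Principal | Format-Table -AutoSize
```

This reads NTFS ACLs only; share-level permissions are configured separately on the file server and need their own review.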