security
Fernando Cremer talks about
Surround SCM on July 15, 2011 In a recent post, I discussed how to use security groups in TestTrack to simplify the Item window. In this post, I’m going to cover Surround SCM security groups, specifically the permissions that control the access to files.
To access security groups go to View > Security Groups…
Understanding File Access Permissions in Surround SCM
Surround SCM provides three levels of file access permissions, and these are set for each security group.
Default Security
These are the permissions that will, by default, apply to all files on all branches and repositories. These are set on the Server Security tab of the Security Group window. Under the “Files (Default)” category you specify the file access permissions that will be the default for all branches and repositories. In the following screenshot, you’ll see that the Dev Team has all file permissions enabled except Destroy on all branches and repositories across all mainlines.
Edit Security Group Window
Continue reading…
Share on Technorati . del.icio.us . Digg . Reddit . Slashdot . Facebook . StumbleUpon
Tags: branch security, file access permissions, repository security, security, security groups, server security
The TestTrack Server, Surround SCM Server, and Seapine License Server are all typically installed behind one or more corporate firewalls, which protect your data from the outside world. If that’s not the case for you, or you simply need another layer of security, you should enable encryption on server-to-server and client-to-server communications to better protect your data. Following is a brief overview of how to enable encryption for each of the servers. Read the Seapine product documentation for a more thorough explanation.
Continue reading…
Share on Technorati . del.icio.us . Digg . Reddit . Slashdot . Facebook . StumbleUponTags: encryption, how to, security, server options
Jeff Amfahr talks about
Surround SCM on March 08, 2010 Recently, you may have read about some security attacks against large companies like Google, Adobe and others called Operation Aurora. You may have also seen that the underlying attack was against their SCM systems. McAfee published a white paper on this topic (found here) that outlines some of the problems with the SCM system in question. Continue reading…
Share on Technorati . del.icio.us . Digg . Reddit . Slashdot . Facebook . StumbleUponTags: security
Jeff Amfahr talks about
Surround SCM on June 12, 2008 
Security in an application is one of those things that rarely gets discussed in a demo. Most people say “we have excellent security control” and then move on to some alluring graphical drag and drop functionality.
But security is something that lots of applications get wrong, for lots of different reasons. First, I should say that I’m not a security expert. I read Bruce Schneier’s blog and newsletter (so should you), along with all his books.
With that said, I know that real security is hard. And one of the things to understand about Surround SCM is that the security we focus on is the internal security of the application. That is, how do we prevent users once they have authenticated themselves (either using our internal authentication or an enterprise solution like LDAP or Active Directory, both of which we integrate with) from doing things they should not do.
Continue reading…
Share on Technorati . del.icio.us . Digg . Reddit . Slashdot . Facebook . StumbleUponTags: security
