External Access to Bug Tracking but not Source Conrol

If you are having a problem using Fortress, post a message here.

Moderator: SourceGear

Xavier
Posts: 230
Joined: Tue Mar 01, 2005 5:06 am

Re: External Access to Bug Tracking but not Source Conrol

Post by Xavier » Wed Jan 14, 2009 4:44 am

I think you forget that some company as us, cannot afford to have an IT department/expert.
We're Visual C++ experts, not firewalls, VPN, IIS.... experts and what should be a very simple solution has been very difficult for us to install (partly because of Windows Server 2008 also...)

What I mean, is that I know the security will be better if the connections occur through a VPN (though our customers would have an account and will have a VPN connection in our server !); but that I can accept lesser security to have it simpler to use.
Whatever you do there always is a way to break the security, and I think it's more likely a customer has unexpected (forgotten) rights to company private data than a hacker wanting to break through a so small company website (though it could occur).

In short : the limit for local/remote is interesting even if not perfect (as security is concerned), we do not have means to setup complex systems/firewalls/rules... to handle that ourselves.

Hoping to have that feature some day...
Best regards

Xavier

lbauer
Posts: 9736
Joined: Tue Dec 16, 2003 1:25 pm
Location: SourceGear

Re: External Access to Bug Tracking but not Source Conrol

Post by lbauer » Thu Jan 22, 2009 4:23 pm

Thanks for your feedback.
Linda Bauer
SourceGear
Technical Support Manager

Xavier
Posts: 230
Joined: Tue Mar 01, 2005 5:06 am

Re: External Access to Bug Tracking but not Source Conrol

Post by Xavier » Mon Mar 16, 2009 4:58 am

Hello,

we are now giving access to the our fortress website for user's having a contract with us.
So those securiry issues become really important for us (that's one of the reason for which I chose Fortress and buy "so many" web only licence).

In order of preference:
-prevent access to source control for some users (asmx seems fine, but I don't see any 'user' related right ? only IP address, and I'm often out of the office; would a VPN be mandatory)
-enforce password rules so that company user's having access to source control cannot change their password or force it to have some complexity rule
-hide full user from web user's (assignee, resolver combos ... that do not concern them)
- hide source control tab from web user's, and informations related to checkin in the item history

Once a gain we are not big enough to have IT department, and really need some help to provide a good protection to our source code and give our user's what we bought fortress for : item tracking

Looking forward for some help

Xavier
Best regards

Xavier

lbauer
Posts: 9736
Joined: Tue Dec 16, 2003 1:25 pm
Location: SourceGear

Re: External Access to Bug Tracking but not Source Conrol

Post by lbauer » Mon Mar 16, 2009 10:30 am

Regarding Fortress usernames in the dropdowns -- if users all have access to the same Item tracking project, there's no way currently to hide user names in the dropdowns. If you want to limit what usernames are seen, you could give only certain users access to certain Item Tracking projects.

You can't hide the Source Control tab, but if users have no access to Source Control, they will see just the word Repositores and a blank page.

For password management you could use Active Directory authentication, although that means adding users to your AD.

The type of security you're describing involves both network and Fortress security. Fortress can't make network decisions, though we've logged feature requests for the functionality you've described. We wish we could do more to help, but we're experts in Fortress and not IT experts, especially when it comes to an individual network.
Linda Bauer
SourceGear
Technical Support Manager

Post Reply