I think you forget that some company as us, cannot afford to have an IT department/expert.
We're Visual C++ experts, not firewalls, VPN, IIS.... experts and what should be a very simple solution has been very difficult for us to install (partly because of Windows Server 2008 also...)
What I mean, is that I know the security will be better if the connections occur through a VPN (though our customers would have an account and will have a VPN connection in our server !); but that I can accept lesser security to have it simpler to use.
Whatever you do there always is a way to break the security, and I think it's more likely a customer has unexpected (forgotten) rights to company private data than a hacker wanting to break through a so small company website (though it could occur).
In short : the limit for local/remote is interesting even if not perfect (as security is concerned), we do not have means to setup complex systems/firewalls/rules... to handle that ourselves.
Hoping to have that feature some day...
External Access to Bug Tracking but not Source Conrol
Moderator: SourceGear
Re: External Access to Bug Tracking but not Source Conrol
Best regards
Xavier
Xavier
Re: External Access to Bug Tracking but not Source Conrol
Thanks for your feedback.
Linda Bauer
SourceGear
Technical Support Manager
SourceGear
Technical Support Manager
Re: External Access to Bug Tracking but not Source Conrol
Hello,
we are now giving access to the our fortress website for user's having a contract with us.
So those securiry issues become really important for us (that's one of the reason for which I chose Fortress and buy "so many" web only licence).
In order of preference:
-prevent access to source control for some users (asmx seems fine, but I don't see any 'user' related right ? only IP address, and I'm often out of the office; would a VPN be mandatory)
-enforce password rules so that company user's having access to source control cannot change their password or force it to have some complexity rule
-hide full user from web user's (assignee, resolver combos ... that do not concern them)
- hide source control tab from web user's, and informations related to checkin in the item history
Once a gain we are not big enough to have IT department, and really need some help to provide a good protection to our source code and give our user's what we bought fortress for : item tracking
Looking forward for some help
Xavier
we are now giving access to the our fortress website for user's having a contract with us.
So those securiry issues become really important for us (that's one of the reason for which I chose Fortress and buy "so many" web only licence).
In order of preference:
-prevent access to source control for some users (asmx seems fine, but I don't see any 'user' related right ? only IP address, and I'm often out of the office; would a VPN be mandatory)
-enforce password rules so that company user's having access to source control cannot change their password or force it to have some complexity rule
-hide full user from web user's (assignee, resolver combos ... that do not concern them)
- hide source control tab from web user's, and informations related to checkin in the item history
Once a gain we are not big enough to have IT department, and really need some help to provide a good protection to our source code and give our user's what we bought fortress for : item tracking
Looking forward for some help
Xavier
Best regards
Xavier
Xavier
Re: External Access to Bug Tracking but not Source Conrol
Regarding Fortress usernames in the dropdowns -- if users all have access to the same Item tracking project, there's no way currently to hide user names in the dropdowns. If you want to limit what usernames are seen, you could give only certain users access to certain Item Tracking projects.
You can't hide the Source Control tab, but if users have no access to Source Control, they will see just the word Repositores and a blank page.
For password management you could use Active Directory authentication, although that means adding users to your AD.
The type of security you're describing involves both network and Fortress security. Fortress can't make network decisions, though we've logged feature requests for the functionality you've described. We wish we could do more to help, but we're experts in Fortress and not IT experts, especially when it comes to an individual network.
You can't hide the Source Control tab, but if users have no access to Source Control, they will see just the word Repositores and a blank page.
For password management you could use Active Directory authentication, although that means adding users to your AD.
The type of security you're describing involves both network and Fortress security. Fortress can't make network decisions, though we've logged feature requests for the functionality you've described. We wish we could do more to help, but we're experts in Fortress and not IT experts, especially when it comes to an individual network.
Linda Bauer
SourceGear
Technical Support Manager
SourceGear
Technical Support Manager