This post originated from an RSS feed registered with .NET Buzz by Korby Parnell. Original Post: VSS Security Tip Feed Title: Korby Parnell Feed URL: /msdnerror.htm?aspxerrorpath=/korbyp/Rss.aspx Feed Description: Copyright 2003 Korby Parnell Fri, 01 Aug 2003 10:03:48 GMT ChrisAn's BlogX korbyp@microsoft.com korbyp@microsoft.com Alex Lowe Joins Microsoft http://blogs.gotdotnet.com/korbyp/permalink.aspx/536bb108-6a66-4dc6-8847-69f4d799bb55 http://blogs.gotdotnet.com/korbyp/permalink.aspx/536bb108-6a66-4dc6-8847-69f4d799bb55 Fri, 01 Aug 2003 10:03:48 GMT From ASP.NET MVP to Microsoft .NET Evangelist.  Success is the domain of good guys.  Welcome aboard Alex.  I look forward to meeting you in person.  Thanks to ScottW for posting the big announcement. Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho. Latest .NET Buzz Posts Latest .NET Buzz Posts by Korby Parnell Latest Posts From Korby Parnell

When talking to my feature team, I often refer to "VSS security"--which basically consists of user rights and permissions--as the "the façade". Forget what you know about tiered development and façade layers for a moment. I use the word façade quite literally. The security of a Visual SourceSafe database is only as good as the security of the physical folder or share in which it resides.

That being said, one of the easiest things you can do to improve the security of your VSS installation is to hide the network share(s) containing your database. You can do this by adding the '$' symbol to the end of the share name. I've never understood why the Windows team hasn't added an option like, "Hide this Share on the Network". Maybe they have and I've just missed it... Anyway, to hide a share from remote users in WindowsXP and Windows .NET Server:

1. Right-click the database folder, click Properties, and then select the Sharing tab.
2. Click Do not share this folder and then click OK.
3. Right-click the unshared database folder, click Properties, and then select the Sharing tab.
4. Click Share this folder and in the Share name box, type the name of your share followed by a '$' symbol (e.g., VSSLibrary$), and then click OK.

Of course, if you hide your database shares, your users won't be able to find them on the network. Thus, when creating a new database or changing the name of an existing database share, you must tell your VSS users the exact path to the new database share so that they can add the database (in this case \\computername\VSSLibrary) to the list of Available databases in the Open SourceSafe Database dialog box.

We (the royal we) recently published a whitepaper on the subject of security and Visual SourceSafe.  Kudos to Oded and Christine for driving that project to fruition.  -Korby

This posting is provided "AS IS" with no warranties, and confers no rights. Microsoft kann für die Richtigkeit und Vollständigkeit der Inhalte in dieser Newsgroup keine Haftung übernehmen. Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.