ID: 4726 Fixed in:
Issue Date: 2006-11-14 08:25 AEST Owner:  CVS Support
Last Modified:  2007-08-27 08:44 AESTReporter:  Arthur Barrett
Current Est.  0.0 hours % Complete:  0.0  
Status:NEW / Severity:enhancement

Affected:  2.5.03
Description:  High security version of CVSNT?

Actions:    
2006-11-14 08:25 AEST by Arthur Barrett - This bug is to track requests and requirements for a high security version of 
CVSNT.  If this were to be implemented by March Hare Software then it would be 
a purely commercial product - most likely at a medium to high price point 
(similar to clearcase).  

Most of this is unnecessary - CVSNT can the SSPI / Active Directory 
identification of the user which may already involve Kerberos and Biometric 
identification at the operating system level, and on Unix/Linux PAM can be used 
which achieves the same result (provided you have implemented that security at 
the OS level).  Patches sent to/from the server are already hash checked to 
enure that what is recorded is definitely what was written by the author.  
Audit is already checked to ensure that it is written before the action is 
completed.

Very likely what is required is a "high security guide" at what security 
already exists and how to implement it - however a "security expert" would 
already understand all of that - so more likely a "security guide for dummies" 
is required.

The most common requests have been:
* validation by some security authority (US government)
* PGP signatures to validate that a checked out revision is identical to what 
was checked in (presumably there would need to be two implementations - a 
server version that would not be affected by different keyword expansion 
options, unicode/ascii/ebcdic etc, and a client version that was ultra 
sensitive to any change)
* PGP signatures on the RCS file to ensure it was not corrupted (probably also 
requires that the RCS file be read in/out of memory and written as a whole - 
not appended so that a PGP sig can be generated of a "known good" image).  A 
PGP signature would also be required for the directory to check for deleted 
files.
* PGP signatures for each row of the audit
* PGP signatures for each audit table to ensure that no rows have been removed
* Fingerprint or other biometrics that can be stored with checkins (or 
validated against a database of valid biometrics at checkin).


     Query page