|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here. ArchiveDisclaimer|
Visual SourceSafe ensures database security by using standard Windows integrated security mechanisms to control access to shared resources. Only authorized Windows users can access a Visual SourceSafe database. The user designated as the database administrator for a team is responsible for controlling access to database projects. Access is based on sharing permissions and project rights granted by the database administrator. As the database administrator, you will use the Visual SourceSafe Administrator program to set up teams, control database access, and maintain the databases for your group.
A shared Visual SourceSafe database is only as secure as the shared network folder in which it is located. Security is strengthened by setting sharing permissions for the database folder when you create a database or add or delete database users. If this is not done, a malicious user on the network can easily circumvent the standard Visual SourceSafe sharing permissions and project rights. For more information about setting up secure database sharing, see.
Database User Management
Visual SourceSafe manages users by using standard user name and password specifications. The user name and password identify a user at logon, in history information, and in file reports. Visual SourceSafe creates and keeps track of a user's information and environment in the Ss.ini file for that user.
The database administrator is responsible for setting user names and passwords. For more information about user management, see.
Audits of User Activity
In support of database security, Visual SourceSafe allows the creation of journal files to help prevent users from compromising data integrity. A journal file records database events for a particular user, for example, access to files and projects. For more information, see.