|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.|
Securing a Database
All users of a Visual SourceSafe database are granted the same Windows access permissions for the installed directories. To ensure data integrity and secure databases, however, users must be assigned additional sharing permissions for each database that they use. Sharing permissions are granted in such a way that only database administrators are able to access the files that control a database, which are located in the Visual SourceSafe Win32 directory. All other users are prohibited from unauthorized access.
Do not rely on Visual SourceSafe to secure your data. Even users with read-only sharing permissions can delete a Visual SourceSafe database from a shared network folder to which they have access.
As the database administrator for your team environment, you are responsible for securing (also known as "locking down") your team's shared databases. Only members of the Windows Administrator user group can perform database administrator tasks, including running the ANALYZE utility and restoring archived Visual SourceSafe files and projects. As the database administrator, you must assign all users, including yourself, appropriate database sharing permissions to properly limit network share access. You will also need to assign all database users specific rights for each project that they must use.
Securing a database and the associated directories and files consists of the following basic steps:
Set sharing permissions for the database.
Add user accounts.
(Optional) Provide project rights for users.
(Optional) Hide the network share for the database.
Back up all critical database information.
Document your security procedures.
Setting Database Sharing Permissions
You are strongly recommended to define Windows user groups to restrict sharing permissions for your databases. You will need to create two groups of users for Visual SourceSafe: an Administrator group for database administrators and a User group for regular database users. See.
Adding User Accounts
To restrict database access, you must prepare user accounts for yourself and all others who will be using each shared database. Visual SourceSafe Administrator is used for setting up user accounts, as described in.
Setting Project Rights
If required, you can use the Visual SourceSafe Administrator program to enable project security and set user rights for specific Visual SourceSafe projects. These project rights are independent of the database sharing permissions. For example, you might want to remove the Destroy project right for all developers on a software development team to prevent anyone from permanently deleting projects from the database. For more about providing project-level security, see.
Hiding the Network Share
You can hide the network share so that it is very difficult for remote Windows users to determine whether a server has a share and whether Visual SourceSafe is installed. The network share does not appear when a Windows user browses to the server. To hide the network share, simply add "$" to the end of the database directory name, for example, instead of \\server\vssdb1, use \\server\vssdb1$. You will have to tell your database users the exact location of the database, including the "$," so that they can add the database to the list of available databases in the Open SourceSafe Database dialog box.
If you require even tighter security control of your database, see "INFO: Required Network Rights for the SourceSafe Directories," in the Microsoft Knowledge Base.
Backing Up Critical Information
Remove from your shared database all documents that contain sensitive or confidential information that should not be available to all database users, for example, payroll or legal information. File these documents in a safe location accessible only to you or another database administrator.
Documenting Your Security Procedures
Prepare instructions summarizing the security procedures so that database security can be maintained even if you are not available.