Security Implications

When running SvnBridge in client mode, it caches metadata and file contents locally from the servers it accesses. On a multi-user system where users have different permissions on the server, this may allow a user to view information that they are not supposed to see.
Note that this is avoidable by having each user execute SvnBridge from a directory that other users do not have access to (%appdata%\SvnBridge is a good candidate).
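
One way to check that the directory really is private, as an added example that is not part of SvnBridge or its documentation: the script lists every account other than the current user, SYSTEM and Administrators that is allowed to read the directory. The function name `Get-UnexpectedReaders`, the list of expected accounts, and the use of `%appdata%\SvnBridge` as the run directory are assumptions.

```powershell
# Added example (not SvnBridge code): audit read access to the directory
# SvnBridge is executed from, so other local users cannot read what it caches.
function Get-UnexpectedReaders {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }

    # Accounts expected on a per-user directory (assumption; adjust to policy).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $expected = @(
        $me,
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544'   # BUILTIN\Administrators
    )

    # ReadData/ListDirectory (0x1) plus the raw generic bits that some ACEs
    # carry instead of specific rights: GENERIC_ALL and GENERIC_READ.
    $readBits = 0x1 -bor 0x10000000 -bor [int]::MinValue   # MinValue = 0x80000000

    # Ask for rules keyed by SID so the comparison does not depend on
    # localized or unresolvable account names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $readBits) -ne 0 -and
            $expected -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            [pscustomobject]@{
                Sid       = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited   # inherited ACEs are fixed on the parent
            }
        }
}

# Run directory suggested above; change it if SvnBridge runs from elsewhere.
$bridgeDir = Join-Path $env:APPDATA 'SvnBridge'
$extra = @(Get-UnexpectedReaders -Path $bridgeDir)
if ($extra.Count -gt 0) {
    Write-Warning "Other accounts can read $bridgeDir"
    $extra | Format-Table -AutoSize
} else {
    "Only the current user, SYSTEM and Administrators can read $bridgeDir"
}
```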

When running in server mode, the SvnBridge server will have a local copy of information from the TFS server and the content of files from the repository. This will allow a user with access to the server to potentially access information that they cannot get from the TFS server directly. Restricting access to the SvnBridge server machine is recommended.

Note that when loading cached information about files or revisions, even when using the cache, SvnBridge will respect the permissions that were set on the repository.
However, if those permissions are changed at a later date, the change will not be reflected in the SvnBridge cache, and this can cause users to view information that they do not have access to.

You can resolve this issue by clearing the SvnBridge cache.

Last edited Apr 8, 2008 at 9:27 PM by Ayende, version 1

