When talking to my feature team, I often refer to "VSS security"--which basically consists of user rights and permissions--as the "the façade". Forget what you know about tiered development and façade layers for a moment. I use the word façade quite literally. The security of a Visual SourceSafe database is only as good as the security of the physical folder or share in which it resides.

That being said, one of the easiest things you can do to improve the security of your VSS installation is to hide the network share(s) containing your database. You can do this by adding the '$' symbol to the end of the share name. I've never understood why the Windows team hasn't added an option like, "Hide this Share on the Network". Maybe they have and I've just missed it... Anyway, to hide a share from remote users in WindowsXP and Windows .NET Server:

  1. Right-click the database folder, click Properties, and then select the Sharing tab.
  2. Click Do not share this folder and then click OK.
  3. Right-click the unshared database folder, click Properties, and then select the Sharing tab.
  4. Click Share this folder and in the Share name box, type the name of your share followed by a '$' symbol (e.g., VSSLibrary$), and then click OK.

Of course, if you hide your database shares, your users won't be able to find them on the network. Thus, when creating a new database or changing the name of an existing database share, you must tell your VSS users the exact path to the new database share so that they can add the database (in this case \\computername\VSSLibrary) to the list of Available databases in the Open SourceSafe Database dialog box.

We (the royal we) recently published a whitepaper on the subject of security and Visual SourceSafe.  Kudos to Oded and Christine for driving that project to fruition.  -Korby

This posting is provided "AS IS" with no warranties, and confers no rights. Microsoft kann für die Richtigkeit und Vollständigkeit der Inhalte in dieser Newsgroup keine Haftung übernehmen. Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.