Synchronization Security

Note: this section describes a security risk that exists only for organizations using the AccuRev Replication Server product. This risk does not apply to organizations that use the standard AccuRev software, without the replication option.

The repository synchronization scheme poses a potential security risk: the acserver.cnf server configuration file on an AccuRev server machine can name any master server machine in a MASTER_SERVER setting. And by default, the targeted master server will comply with any synchronization request — even an accurev replica sync command executed on a completely unrelated client machine.

We strongly recommend using the server_admin_trig trigger on the master server machine to implement an authentication scheme, so that the master server will send repository data over the wire only to valid requestors. The following Perl code might be added to the sample server_admin_trig script included in the examples subdirectory of the AccuRev distribution:

if ($command eq "replica_sync") {
if ($principal ne "rep01_acadmin" and $principal ne "rep02_acadmin") {
print TIO "Repository synchronization disallowed:\n";
print TIO "Authentication by the server_admin_trig script failed.\n";
close TIO;
exit(1);
}
}

This code allows users rep01_acadmin and rep02_acadmin to perform repository synchronization, rejecting requests from all other user identities.

Note: a server_admin_trig script identifies the command as replica_sync, even though the actual CLI command is replica sync.