0
Hello,
I have the following problem. I’m working with a team through TFS and shared the project so they can pull (Map & Get). But it has a specific file that I don’t want other developers to have access to, because it has sensitive and privileged information. It is possible to configure this file in such a way that other members of the TFS project can pull it, but cannot read and access it?
If so, please help me. Grateful!
2
At TFS (Team Foundation Server), now known as Azure Devops Server since 2019, we have two types of code repositories: Git, currently recommended as standard by Microsoft, and TFVC (Team Foundation Version Control).
In TFVC you can lock the editing of the file, or in case the content is sensitive even that the developer would see.
Stop editing
The check-in lock is less restrictive, allowing the view and the dev to have the file on the machine, but cannot change it. The advantage is that if it is a configuration file you do not need another strategy to run the application on the machine, because locally it will be possible to edit it, but it cannot be checked in. This option is available by right-clicking the file in the context menu of choice Advanced (1), and Lock (2), as per image:
A dialog window will be opened with the list of files that will be locked, just confirm:
To undo the lock just do the reverse.
As of TFS 2012, the locking of the check-out Locks does not have a proper functioning because of the local Workspace.
Stop viewing
TFVC is a CVCS repository model (Centralized Version Control System or Centralized Version Control System), unlike Git which is a DVCS (Distributed Version Control System or Distributed Version Control System), the difference is described here: Distributed Vs Centralized; and so it is possible to control even the view to the file:
In Visual Studio’s Source Control Explorer, right-click the file, and in the Advanced (2) context menu, and then Security (3), as shown below:
The window that will be opened is the same of the portal or site, hence just choose the group or user (1) and deny the permission of Read (2), as shown below:
Other techniques
The above obfuscation technique is pretty bad, because the file is in the repository, and any error in user permissioning or administration can expose the content. If the goal is to put service URL’s or database password, it is best to do this in your CI/CD process, that is, in your pipeline, you will have better tools and more security. If you want to know more about this, look for Azure Pipeline, or open a new question.
Browser other questions tagged .net visual-studio team-foundation-server
You are not signed in. Login or sign up in order to post.
I appreciate the @egomesbrandao answer I’ve been looking at the alternatives and preferred to create a project apart with classes that have sensitive codes and generated a DLL, so the file is referenced and the code is hidden. You think it’s a good idea?
– Felipe Salazar
You can give a better example of what you’re trying to hide in the code?
– egomesbrandao
Functions and variables declared
– Felipe Salazar