The repository synchronization scheme poses a potential security risk: the acserver.cnf server configuration file on an AccuRev server machine can name any master server machine in a MASTER_SERVER setting. And by default, the targeted master server will comply with any synchronization request — even an accurev replica sync command executed on a completely unrelated client machine.
We strongly recommend using the server_admin_trig trigger on the master server machine to implement an authentication scheme, so that the master server will send repository data over the wire only to valid requestors. The following Perl code might be added to the sample server_admin_trig script included in the examples subdirectory of the AccuRev distribution:
    # Reject replica_sync requests from any principal other than the two replica administrators.
    if ($command eq "replica_sync") {
        if ($principal ne "rep01_acadmin" and $principal ne "rep02_acadmin") {
            print TIO "Repository synchronization disallowed:\n";
            print TIO "Authentication by the server_admin_trig script failed.\n";
            close TIO;
            exit(1);
        }
    }
This code allows users rep01_acadmin and rep02_acadmin to perform repository synchronization, rejecting requests from all other user identities.
Note: a server_admin_trig script identifies the command as replica_sync, even though the actual CLI command is replica sync.
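The same check written as a deny-by-default allowlist, as an added example that is not part of the AccuRev sample script. The subroutine name, the sample requests and the "other_command" placeholder are constructed for illustration; only the replica_sync command name and the two principal names come from the text above.

```perl
#!/usr/bin/perl
# Added example: stand-alone sketch of an allowlist check for replica_sync.
# It does not read the trigger's input; it only shows the decision logic.
use strict;
use warnings;

# Principals permitted to synchronize (the two names used on this page).
my %SYNC_ALLOWED = map { $_ => 1 } qw(rep01_acadmin rep02_acadmin);

# Returns (1, undef) to allow, or (0, $reason) to reject.
# Only replica_sync is restricted; every other command passes through,
# which matches the behaviour of the snippet above.
sub check_replica_sync {
    my ($command, $principal) = @_;
    return (1, undef) unless defined $command && $command eq 'replica_sync';
    return (0, 'no principal supplied')
        unless defined $principal && length $principal;
    # Exact, case-sensitive match: a different case or trailing space is rejected.
    return (1, undef) if $SYNC_ALLOWED{$principal};
    return (0, "principal '$principal' is not on the replica allowlist");
}

# Constructed sample requests: [command, principal].
my @requests = (
    ['replica_sync',  'rep01_acadmin'],   # listed replica administrator
    ['replica_sync',  'jsmith'],          # ordinary user (hypothetical name)
    ['replica_sync',  ''],                # empty principal
    ['replica_sync',  'REP02_ACADMIN'],   # wrong case, not an exact match
    ['other_command', 'jsmith'],          # placeholder for any unrelated command
);

for my $req (@requests) {
    my ($command, $principal) = @$req;
    my ($ok, $reason) = check_replica_sync($command, $principal);
    printf "%-14s %-16s %s\n", $command, "'$principal'",
        $ok ? 'allow' : "DENY ($reason)";
}
```

In the trigger itself, a rejection would be reported as in the snippet above: print the reason to TIO, close it, and exit(1).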