obfuscation - GIT - Maintaining obfuscated repositories for working with untrusted 3rd party developers? -

-

our git repositories typically contain code our entire websites & services. includes painstakingly worded text marketing, legal, ui, etc.

essentially rogue developer clone it, change few things, , become competitor of ours (all legal issues aside). or more likely, include others work own in portfolios without authorization. in cases leads disclosure of features , functions don't want out there yet.

in case, has been recognized risk since work developers around globe , have need add more -- granting them access entire code base work on.

have ever encountered issue? or have implemented solution reduce or mitigate similar risks?

i thinking 1 potential strategy create 3 individual git repositories different purposes (not branches) this:

git repo: project1_developers

$git branch master dev issue_feature1 issue_feature2 etc..

workflow above: issue/feature branch style. developer delegated task, checks out issue/feature branch. when completed, submits branch & merge request dev branch. test branch & merge dev if ok.

above how things today. that's it. whole repo there in 'master' gets published world.

but meet stated goal i'm thinking add like...

git repo: project1_obfuscate

$git branch strips_and_swaps (for sending developers repo) prod_patches (the patches make "whole" again) prod_master (branch production repo pulls master branch?)

and production repo...

git repo: project1_production

$git branch master

as far content problem goes, imagine simple webpage repo...

.git index.html logo.png

so goal strip out or patch in real/fake "logo.png" dummy logo branches in "developers" repo.

in practice, instead of logo.png, maybe bunch of .blade files (laravel) .twig files or whatever template files might have content bits wish restrict access to. in cases, maybe files exist in teh "obfuscate" remote.

has done similar might share insight?

it hurts head think doing way i'm suggesting, , might not work :)

the best practice is, if possible, isolate sensitive information in own git repo instead of keeping in 1 giant repo.

you still can have global picture using parent repo reference other repos submodules.

but if sensitive data in 1 repo, can protect in term of access.
easier trying protect branch (you can protect against push, not pull, meaning 1 can still have access content) or obfuscate remote url.


Comments

Post a Comment

Popular posts from this blog

android - Gradle sync Error:Configuration with name 'default' not found -

-
i want add external library guillotinemenu-android in application. followed steps given in upvoted answer existing question how add library project android studio? facing error when try build project after step 6 i.e. when added dependency in app/build.gradle compile project(":guillotinemenu") . tried stackoverflow links related error not working out. have made folder named libs in app directory , copied project folder guillotine menu there. here build.gradle(module:app) file apply plugin: 'com.android.application' android { compilesdkversion 22 buildtoolsversion "22.0.1" defaultconfig { applicationid "com.sunshine.bbreaker.appet_i" minsdkversion 14 targetsdkversion 22 versioncode 1 versionname "1.0" } buildtypes { release { minifyenabled false proguardfiles getdefaultproguardfile('proguard-android.txt'), 'proguard-rules.p
Read more

java - Andrioid studio start fail: Fatal error initializing 'null' -

-
i don't know happened android studio,when start ,it shows me error message below. , try uninstall/reinstall it,but doesn't work.who can me!!! internal error. please report https://code.google.com/p/android/issues java.lang.runtimeexception: com.intellij.ide.plugins.pluginmanager$startupabortedexception: fatal error initializing 'null' @ com.intellij.idea.ideaapplication.run(ideaapplication.java:178) @ com.intellij.idea.mainimpl$1$1$1.run(mainimpl.java:52) @ java.awt.event.invocationevent.dispatch(invocationevent.java:209) @ java.awt.eventqueue.dispatcheventimpl(eventqueue.java:715) @ java.awt.eventqueue.access$400(eventqueue.java:82) @ java.awt.eventqueue$2.run(eventqueue.java:676) @ java.awt.eventqueue$2.run(eventqueue.java:674) @ java.security.accesscontroller.doprivileged(native method) @ java.security.accesscontrolcontext$1.dointersectionprivilege(accesscontrolcontext.java:86) @ java.awt.eventqueue.dispatchevent(eventqu
Read more

html - jQuery UI Sortable - Remove placeholder after item is dropped -

-
i'm trying nested sortable , i'm kind'a succeeding, there's 1 small little inconvenience bugs me. i want placeholder disappear after i've dropped dragged item (on mouseup) , can't quite figure out how it. i want because when sort downwards, deletion of placeholder affects parent's height, in turn creates small bug, check jsfiddle here. html <div class="container"> <h1>menu</h1> <ul class="list-group striped nest"> <li class="list-group-item">home <ul class="list-group striped nest"></ul></li> <li class="list-group-item">about <ul class="list-group striped nest"></ul></li> <li class="list-group-item"> services <ul class="list-group striped nest"> <li class="list-group-item">design <ul class=
Read more