DOCUMENT:Q283618  06-JUL-2001  [ssafe]
TITLE    :INFO: Security Considerations When Using Automatic User Login
PRODUCT  :Microsoft SourceSafe
PROD/VER::4.0,5.0,6.0
OPER/SYS:
KEYWORDS:kbConfig kbDSupport kbGrpDSSSafe

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Visual SourceSafe, 16-bit, for Windows, versions 4.0, 5.0
- Microsoft Visual SourceSafe, 32-bit, for Windows, versions 4.0, 5.0, 6.0
-------------------------------------------------------------------------------

SUMMARY
=======

Visual SourceSafe provides a "Use network name for automatic user log in"
option that allows Visual SourceSafe integration with Microsoft Visual
InterDev or Microsoft FrontPage. However, the feature has security
ramifications that users should consider before using it. Microsoft
recommends that the feature only be used in protected networks in which all
users are fully trusted.

MORE INFORMATION
================

The "Use network name for automatic user log in" option in Visual SourceSafe
is designed to enable single sign-on to development environments. When the
option is selected (this is the default), Visual SourceSafe uses the
currently logged-in account name as the Visual SourceSafe user name. If the
name matches a Visual SourceSafe user name, the user is logged in without a
password.

Use of this feature can provide a better user experience by not requiring the
user to enter a user ID and password repeatedly. However, there are security
ramifications associated with using the feature, and customers should
consider them carefully before using it:

- The feature does not perform Windows authentication, in which
  cryptographically protected credentials are exchanged any time the user
  requests access to a resource, even through single sign-on mechanisms.
  Instead, the feature sends the current account name, which Visual
  SourceSafe then compares to a local database of users.

- It could be possible for a user to log in as any desired Visual SourceSafe
  user, simply by logging into a local account with a user ID that exists in
  Visual SourceSafe. In particular, there is always a user name of "Admin"
  in the Visual SourceSafe user list, which has full administrative access
  and cannot be deleted. If the "Use network name for automatic user log in"
  feature is enabled, an attacker could create a local machine account named
  "Admin", and then misuse the automatic log in feature to gain access to the
  Visual SourceSafe "Admin" account.

- The feature can be disabled, but it is possible for the client to override
  the server settings and re-enable it.

Because of these factors, Microsoft recommends that the "Use network name for
automatic user log in" feature only be used in protected networks in which
all of the users are fully trusted. It should not be used on unprotected
networks or networks containing users who require differing levels of
privileges. Indeed, Visual SourceSafe itself is not recommended for use on
unprotected networks, as it is a development tool.

The most effective way to provide security for Visual SourceSafe is by
controlling access to the share on which the server software and the database
reside. This can be done by setting NTFS permissions on the share and, if
appropriate, hiding the share.

Conclusion
----------

There can be significant benefit to enabling the "Use network name for
automatic user log in" option in a protected network. However, in an
unprotected network, this option is not appropriate.
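The following is an added audit example, not part of this article or of Visual SourceSafe itself. It checks whether the automatic log in option is effectively enabled given a server-side srcsafe.ini and a client-side ss.ini, applying the override behaviour the article describes. It assumes the option is stored as the INI key "Use_Network_Name" with values Yes/No, that a client-side value takes precedence when present, and that the option defaults to enabled when unset; the sample INI contents are constructed.

```python
# Added example (not from the KB article or the product). Assumed: the
# option is the headerless-INI key "Use_Network_Name" (Yes/No), a client
# ss.ini value overrides the server srcsafe.ini value, and the default is
# enabled (the article says the option is selected by default).

KEY = "use_network_name"


def parse_vss_ini(text):
    """Parse a headerless VSS-style ini ('Key = Value' lines, ';' comments)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def auto_login_enabled(server_ini, client_ini=""):
    """Return (enabled, source); client setting wins over server (assumed)."""
    server = parse_vss_ini(server_ini)
    client = parse_vss_ini(client_ini)
    if KEY in client:
        return client[KEY].lower() == "yes", "client ss.ini"
    if KEY in server:
        return server[KEY].lower() == "yes", "server srcsafe.ini"
    return True, "default"


def audit(server_ini, client_ini="", trusted_network=False):
    """Report the article's risk conditions as a list of finding strings."""
    enabled, source = auto_login_enabled(server_ini, client_ini)
    findings = []
    if enabled:
        findings.append(f"automatic login enabled ({source})")
        if source == "client ss.ini":
            findings.append("client overrides server setting")
        # "Admin" always exists in the VSS user list, so an OS account of
        # that name maps onto it whenever the feature is on.
        findings.append("built-in Admin account reachable by OS account name match")
        if not trusted_network:
            findings.append("feature enabled outside a fully trusted network")
    return findings


# Constructed sample files: server disables the option, client re-enables it.
SERVER_INI = "; constructed srcsafe.ini\nData_Path = data\nUse_Network_Name = No\n"
CLIENT_INI = "; constructed ss.ini\nUse_Network_Name = Yes\n"

if __name__ == "__main__":
    for f in audit(SERVER_INI, CLIENT_INI):
        print("FINDING:", f)
```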
REFERENCES
==========

If you require technical assistance with this issue, contact Microsoft
Product Support Services:

   http://support.Microsoft.com/support/contact/default.asp

Additional query words:

======================================================================
Keywords    : kbConfig kbDSupport kbGrpDSSSafe
Technology  : kbSSafeSearch kbAudDeveloper kbSSafe600 kbSSafe400 kbSSafe500
              kbSSafe16bitSearch kbSSafe32bitSearch
Version     : :4.0,5.0,6.0
Issue type  : kbinfo

=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 2001.