DEVHIDE
Login Or Sign up

How to Restrict access to company's sensitive information for a developer from other country?

188 Views Asked by At

Usually when we hire a developer we sign NDA so in case of troubles we can sue the developer. But now we are considering to hire a developer from other country so any documents signed in my country wouldn't work in theirs country.

We use Git as a repository for hosting our code.

Is there any ways to restrict the access to only allowed code or protect the code somehow technically from being stolen?

The only thing we came up with is to create separate repositories for the abroad developer so they only access the allowed part and only work on it. But there are some drawbacks for the merging to the main code base, conflicts and so on.

git security data-protection source-code-protection sensitive-data
Original Q&A
2

There are 2 best solutions below

0
VonC On

"restrict the access to only allowed code":

If that includes restricting the read access, then you need a separate repository.
Git hosting services (GitHub, GitLab) would still allow you to clone the full repository, providing you with access to all branches content (even though you can add branch protection, to prevent push)

An authorization layer like Gitolite could in theory allow you to clone and work only on one branch, but that layer is not readily available in most online repository hosting services.

If you are using a separate repository for your external development, I would not recommend submodule.

Git submodules are essentially a reference to another repository at a particular snapshot in time. They are suitable for including external dependencies that do not change often.

But there are some drawbacks for the merging to the main code base, conflicts and so on.

Git subtrees merge another repository into your project (which would alleviate your "drawbacks for the merging to the main code base"), allowing you to keep the external code within your repository's structure. It simplifies the process of making and merging changes back and forth between the main project and the external repository.

(I discussed before, back in 2015, about the differences between git submodule and subtree)

Using a subtree might offer a better solution for merging back the developer's contributions compared to submodules. Since the subtree is part of the main repository, merging changes and resolving conflicts can be more straightforward than dealing with submodules, which are essentially separate repositories.

Implementing a subtree-based solution involves managing contributions to a specific portion of your main project without giving the contributor access to the entire repository. That would be particularly useful when you want to collaborate on a shared piece of code or a project module with external contributors, while maintaining control over the broader project access.

The Project Manager would first create a new repository that will hold the specific portion of the project you wish to share with the external contributor. That repository will contain only the code or content that the contributor needs to access.
Once the separate repository is ready, you can add it as a subtree to your main project repository. Use the git subtree add command (also described here), specifying the prefix (path within your main project where the subtree will live), the repository URL, and the branch you want to track.

git subtree add --prefix=path/to/subtree directory <repository URL> <branch> --squash

After adding the subtree, commit the changes to your main project repository. That action integrates the external repository as a subtree, allowing you to manage its content as part of your project while keeping its history separate.

To pull in changes from the external repository, the PM (project manager) would use the git subtree pull command with the same parameters used for adding it. That will keep the subtree up to date with the external contributor's modifications.

When the PM has changes in the main project that they want to push to the external repository, use the git subtree push command. That allows you to share updates from the main project with the external contributor.

The external contributor does not interact directly with the main project repository. Instead, they clone the separate repository created specifically for their contribution. That repository contains only the portion of the project they are authorized to access and modify.

git clone <repository URL>

The contributor can make changes, commit them, and push these changes back to the separate repository as they would with any Git repository.

git add .
git commit -m "Contribution from the external contributor"
git push origin <branch>

The process of integrating these changes back into the main project is managed by the project manager, who uses the git subtree pull command to fetch and merge the contributor's updates into the main project's subtree.

0
Dinuda Yaggahavita On

For technical access control irregardless of the NDA, you can consider

  • GitGuardian: for secure code sharing without revealing the actual base code, ideal for sensitive information.

  • Obfuscate code base: obfuscate sensitive parts of the codebase to increase protection. I use: obfuscator.io

  • Create a new repo and make it a submodule of the main repo, see Git submodule

Related Questions in GIT

Related Questions in SECURITY

Related Questions in DATA-PROTECTION

Related Questions in SOURCE-CODE-PROTECTION

Related Questions in SENSITIVE-DATA

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.