It's all about the answers!

Ask a question

How can I validate that the objects used by BuildForge match specified certificates ?


Leandro Leal (14613445) | asked Jul 02 '12, 4:32 p.m.
edited Jul 13 '12, 8:51 a.m. by Spencer Murata (2.3k115970)
Hi all,

Our organization currently has control of source code and objects through (RTC). We have created a Build Forge project that connects to (RTC) to extrac the objects needed for deployment. The security department has a need to validate that the objects used in the deployment are equal to the certificates. How I can do this? What techniques used by businesses that use Build Forge and (RTC) to meet the needs  of the
security department?

Thanks in advance

Comments
Spencer Murata commented Jul 02 '12, 4:37 p.m.
FORUM MODERATOR / JAZZ DEVELOPER

I'm not quite sure I understand. Are you saying you want to confirm that the object getting loaded from Jazz into Build Forge is the correct object? Would the SSL connection between RTC and BF be enough for that situation? I'm not sure exactly how else you would confirm that the object deployed is the same object in Jazz. The SSL connection would ensure that you are loading from the correct server, but I don't know how you would get granular enough to confirm the object is the same.

3 answers



permanent link
Leandro Leal (14613445) | answered Jul 09 '12, 3:16 p.m.
edited Jul 09 '12, 3:49 p.m.
Hi Spencer,

To give a more specific example: We have two streams in RTC, Quality and Pre-production, this is the setting of the streams:

Stream Quality
         Components(Source)

         Components(Object)


Stream Pre-production
         Components(Source)
         Components(Object)

The Quality Team download the Object(s) to certify from the stream Quality. Then begin the quality test to verify that the objects operating according to the request. When this objects are certify the changeset from Quality Stream is transferred to Pre-Production Stream through (RTC). The security team downloads the objects in the stream Pre-Production and verify that no change in the object. The way manual to do this is verify the date and time of modification of all the objects, but, this date and time is changed by RTC when is downloaded and can't be used. Then,  How we can validate bit to bit that a (ABC.DLL) object in the stream Quality is equal to another (ABC.DLL) object in the stream Pre-Production??? That is my question...


permanent link
Spencer Murata (2.3k115970) | answered Jul 13 '12, 8:54 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
edited Jul 13 '12, 8:54 a.m.
 I see now, but I don't know if it is possible to do what you describe in RTC.  It would have to be a SCM command of some kind to compare the objects and I don't know that such a command exists.  The closest thing I think would probably be comparing the checksum of the two class files, but that wouldn't be totally bulletproof.

permanent link
Leandro Leal (14613445) | answered Jul 17 '12, 9:42 a.m.
How I can do this? i dont have idea -> "I think would probably be comparing the checksum of the two class files"

Your answer


Register or to post your answer.