How RBCommons stays secure
Your source code is important, and we intend to keep it safe. We employ a number of security measures and recommendations to prevent any unwanted access to your review requests.
Our security model
We keep everything under lock and key. Our servers are stored in Amazon's cloud, and the only entry point requires specific SSH keys, and is accessible only from an undisclosed location. There is no direct access to the databases or caches, and no remote access to your own repositories except by people in your team.
All communication between our servers and databases are internal to Amazon's cloud. There's no place for someone to snoop in the middle.
Access between our servers and to the website itself are encrypted. We use SSH for remote communication and SSL for all traffic to and from the website.
Our servers are always kept updated with the latest security fixes. We regularly monitor log files and are sent logs of any suspicious activity, errors, or remote access attempts.
We also have a thorough test suite for access controls that we keep up-to-date that tests every possibility we can throw at it.
How we access your code
Repositories hosted on services such as GitHub or Bitbucket are accessed through their APIs, which are protected by SSL. We authenticate to most APIs using a token generated when you first link your repositories. This token is encrypted.
For self-hosted repositories, RBCommons makes use of dedicated SSH keys. Teams will automatically have an SSH key generated for them, which you can use to grant access to your repositories. These keys are encrypted and stored.
If your repository isn't already accessible via the Internet, you may have concerns about making it public. One option to keep things safe is to limit public access to your repository to our IP addresses (126.96.36.199, 188.8.131.52, 184.108.40.206). That way, only we can reach it. (Note that the IP addresses are subject to change.)
At that point, RBCommons should be able to access your repository and pull data as needed.
How we store your data
When generating the side-by-side diff, we cache a copy of the original files from your repository and their patched copies and store them in an internal memory cache. This is local to the servers and can't be accessed remotely. Old, unused entries are periodically wiped from the cache, and the cache itself is wiped out on reboot.
Any uploaded screenshot or file attachment is stored in Amazon's S3 service under a hashed, unguessable name.
For self-hosted repositories, we require some form of remote access. We recommend providing access through mandatory SSH keys, rather than accepting a username and password. This is a much safer and more secure mechanism for repository access. Most repositories provide some form of SSH access.
RBCommons will store any uploaded diffs in our database. There's no direct access to the database.
Keeping your account secure
Keeping your account secure is very important. There are three things we recommend for staying secure.
1. Choose a secure, unique password
We strongly recommend you use a unique, secure password protected by a password manager (such as 1Password or LastPass). By using a strong password unique to RBCommons, you'll keep your account from being compromised in the event of password leaks on other services. By using a password manager, you won't have to remember the password, and you can log in on any supported device.
2. Use two-factor authentication
Two-factor authentication helps keep your account safe and secure from hackers by requiring a second device (mobile phone or tablet) when logging in to RBCommons. If enabled (My Account -> Authentication), RBCommons or RBTools will prompt you for a 6-digit token code along with your username and password. This code will be generated on your device or sent to you via text message, depending on your preference.
For on-device token generation, we recommend using Google Authenticator or Authy. As part of the two-factor authentication setup process, you'll simply scan a barcode on your screen, and you'll be set!
Once you have two-factor authentication enabled, you'll be given a set of backup tokens. These are codes you can use to log in in the event that you no longer have access to your mobile device. Keep them secret. Keep them safe.
3. Use API Tokens for authentication
API Tokens are an alternative way to authenticate with RBCommons for clients that use the API. They're safer than storing passwords, and provide a bunch of handy features like access control policies.
Tokens can also be revoked at any time without having to change your password.
API Tokens are great for custom scripts or for RBTools automation where you want to programmatically interact with RBCommons without exposing your password.