Security

As soon as possible, perform these security tasks.

Set a strong password

Make sure your password has 8 to 16 characters, is difficult to guess, and contains a mixture of uppercase, lowercase, and non-alphabetic characters.

Restrict Helix Core Server access to your client workspace root directory

Helix Core Server only needs access to the file revisions in your workspace. Access can be confined to the workspace by setting the P4CLIENTPATH variable to the root directory of your workspace. The P4CONFIG variable can be used to make that automatically apply whenever Helix Core client applications, such as P4 and P4V, use the workspace. Follow the steps for your operating system.

Windows Linux and macOS

Windows	Linux and macOS
Navigate to your client workspace root directory. Run the `p4 set` command. In the output, look for a line that contains: `P4CONFIG=p4config.txt` If the `P4CONFIG` variable is shown, use the file name it displays after the `=` sign in the following steps. If such a line is not listed, run `p4 set P4CONFIG=p4config.txt` and create a new file with `p4config.txt` as its name. In the `p4config.txt` file, add this line: `P4CLIENTPATH=.` This line sets the `P4CLIENTPATH` environment variable to the current directory, your client workspace root directory.	Navigate to your client workspace root directory. Run the `p4 set` command. In the output, look for a line that contains: `P4CONFIG=.p4config` If the `P4CONFIG` variable is shown, use the file name it displays after the `=` sign in the following steps. If such a line is not listed, run `p4 set P4CONFIG=.p4config` and create a new file with `.p4config` as its name. In the `.p4config` file, add this line: `P4CLIENTPATH=.` This line sets the `P4CLIENTPATH` environment variable to the current directory, your client workspace root directory. Export the `P4CONFIG` environment variable and initialize the shell session: For Linux: Edit the `~/.bashrc` file to add the line `export P4CONFIG=.p4config` then run `source ~/.bashrc` For macOS: Edit the `~/.zshrc` file to add the line `export P4CONFIG=.p4config` then run `source ~/.zshrc`

Navigate to your client workspace root directory.
Run the p4 set command.
In the output, look for a line that contains:
P4CONFIG=p4config.txt
If the P4CONFIG variable is shown, use the file name it displays after the = sign in the following steps.
If such a line is not listed, run
p4 set P4CONFIG=p4config.txt
and create a new file with p4config.txt as its name.
In the p4config.txt file, add this line:
P4CLIENTPATH=.
This line sets the P4CLIENTPATH environment variable to the current directory, your client workspace root directory.

Navigate to your client workspace root directory.
Run the p4 set command.
In the output, look for a line that contains:
P4CONFIG=.p4config
If the P4CONFIG variable is shown, use the file name it displays after the = sign in the following steps.
If such a line is not listed, run
p4 set P4CONFIG=.p4config
and create a new file with .p4config as its name.
In the .p4config file, add this line:
P4CLIENTPATH=.
This line sets the P4CLIENTPATH environment variable to the current directory, your client workspace root directory.
Export the P4CONFIG environment variable and initialize the shell session:

For Linux:
Edit the ~/.bashrc file to add the line
export P4CONFIG=.p4config
then run
source ~/.bashrc

For macOS:
Edit the ~/.zshrc file to add the line
export P4CONFIG=.p4config
then run
source ~/.zshrc

To learn more, see P4CLIENTPATH and P4CONFIG in the Helix Core Command-Line (P4) Reference.

Contact your administrator about authentication features

Your Helix Core Server controls the following features.

SSL connections to connect to an SSL-enabled server. If SSL is in use, you should only accept the fingerprint shown when p4 trust is run after the administrators has validated that it is correct.
Ticket based authentication. This depends on the server security level that the administrator chooses.
Integration with an identity provider through Helix Authentication Service and multi-factor authentication through your identity provider (IdP). To learn more, see Helix Authentication Service Administrator Guide.
The Helix MFA app, which should only be used when your password store and your MFA service are separated, such as using LDAP as your password store with Okta as your MFA service. To learn more, see Multi-factor authentication in the Helix Core Server Administrator Guide.