ant-ivy-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kirby Files <kfi...@masergy.com>
Subject Re: ivy:publish build error
Date Thu, 15 Sep 2011 15:17:20 GMT
zharvey wrote on 09/15/2011 10:56 AM:
> (c) It, theoretically, would be possible to script my Apache server to
> accept the PUT from Ivy and write these files to my ivyrepo. (Yes, I am
> aware of the security concerns that will arise from this, and would have to
> take measure into my own hands on that account).

Well, I'm not sure what Ivy actually has or has not attempted in your 
case (wireshark could tell you for sure).

I wouldn't use bare PUTs to publish artifacts myself to a URL 
resolver, even if Ivy does allow it.

I would like some security and authentication on writes to my 
repository. It would be tricky to get Apache and Ivy to implement any 
decent security on bare puts. I suppose you could implement HTTP Basic 
Auth and encode the user/pass in the URL of the resolver, but that 
would be hackish and insecure indeed.

If you're going to use a remote resolver, I'd use one designed for 
writing with solid session authentication: Webdav is a good choice, as 
is SFTP.

A lot of folks just export the filesystem underlying the HTTP docroot 
via NFS or CIFS, and then use a filesystem resolver to publish. Then 
your filesystem permissions handle security.

Still others use the Ivy-SVN integration to publish to a subversion 
repo, and then use svnweb to access the repo.

All are valid choices; which is best for you will depend upon your 
environment, VCS, and toolchain.

Thanks,
---
Kirby Files
Software Architect
Masergy Communications
kfiles@masergy.com

Mime
View raw message