continuum-dev mailing list archives

From: "Wendy Smoak" <wsm...@gmail.com>
Subject: Re: How can an agent be sure that a request comes from its master?
Date: Mon, 19 Jan 2009 20:27:31 GMT

On the master, we have users and roles, but I really don't want to
drag Redback into the build agent and require a database.

Starting out with a simple shared secret sounds good -- even if it's
in plain text in the client config, I'm already planning to use
https:// urls so it wouldn't be going in plain text over the wire.

I'm not familiar enough with client ssl certs.  How would this work?
(My experience runs to chasing down missing intermediate and
self-signed certificates and installing them with keytool so a simple
https:// connection will work.)  Is it something that would be
available by configuring the server and client JVMs, outside of
anything we'd have to do in Continuum itself?

Thanks,
-- 
Wendy

On Mon, Jan 19, 2009 at 1:15 PM, Christian Edward Gruber
<cgruber@israfil.net> wrote:
> The simple answer would be a shared secret, provided in the configuration of
> the agent.  So long as the master can provide the shared secret to the
> agent, it'll respond appropriately.  Client-ssl certs could work, though
> recent root-certificate-authority hacks may make that less than perfect.
>  But ultimately, I think the same sorts of auth options that any web-app has
> available to it could be used, so long as nothing is sent in clear-text.
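
The shared-secret check discussed in this thread, as an added example (not code from the thread or from Continuum): the agent loads the secret from its own configuration, rejects requests that did not arrive over https, and compares the presented value in constant time. The class name, the `agent.sharedSecret` key and the 32-character minimum are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;

// Added example: all names here are hypothetical, not Continuum's API.
public class AgentSecretCheck {
    private final byte[] expectedDigest;

    public AgentSecretCheck(Properties agentConfig) {
        String secret = agentConfig.getProperty("agent.sharedSecret"); // hypothetical key
        if (secret == null || secret.length() < 32) {
            // Fail closed: an agent without a usable secret must not accept work.
            throw new IllegalStateException("agent.sharedSecret missing or shorter than 32 chars");
        }
        expectedDigest = sha256(secret);
    }

    /** True only if the request came over TLS and carries the configured secret. */
    public boolean isFromMaster(boolean arrivedOverTls, String presentedSecret) {
        if (!arrivedOverTls || presentedSecret == null) {
            return false; // reject anything that did not arrive over https
        }
        // Compare fixed-length digests so timing reveals neither length nor a matching prefix.
        return MessageDigest.isEqual(expectedDigest, sha256(presentedSecret));
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every JVM
        }
    }

    public static void main(String[] args) {
        Properties config = new Properties(); // constructed sample configuration
        config.setProperty("agent.sharedSecret", "constructed-sample-secret-0123456789abcdef");
        AgentSecretCheck check = new AgentSecretCheck(config);
        System.out.println(check.isFromMaster(true, "constructed-sample-secret-0123456789abcdef"));
        System.out.println(check.isFromMaster(true, "wrong-secret"));
        System.out.println(check.isFromMaster(false, "constructed-sample-secret-0123456789abcdef"));
    }
}
```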
