continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wendy Smoak <wsm...@gmail.com>
Subject Re: Proposal for improvements to Continuum distributed builds
Date Tue, 10 Aug 2010 00:53:27 GMT
On Fri, Aug 6, 2010 at 9:24 AM, Brett Porter <brett@apache.org> wrote:
> Someone mentioned that this might be used for security before. That seems overly restrictive
- but you might want to consider adding an optional shared-secret password that is passed
through the build context and compared to the agent configuration too. Though I think the
best advice at the moment is to document "don't make agents public" :)

Currently the build agent will accept commands from anyone, but only
reply to the url configured in continuum.xml.  This change means that
an agent will accept commands from, and reply to, anyone.  This is on
top of the recent webdav addition that exposes all of the working
copies on the agent.

I gather this is going on trunk, so no objections to the change, but
the security issue is something I'd want to see addressed before we
call it GA.  Just putting it on a private network doesn't solve the
problem for me in an environment where users have security roles that
allow them to see only certain projects.

CI servers as a class aren't terribly secure to begin with -- they
allow developers to execute arbitrary code during the build, but at
least the dev has to check something into svn where someone might see
it.  Opening it up so that anyone on the network can get to it is a
problem IMO.

-- 
Wendy

Mime
View raw message