continuum-dev mailing list archives

From Wendy Smoak <wsm...@gmail.com>
Subject Re: Build agent security
Date Mon, 10 Jan 2011 01:59:43 GMT
Any thoughts on this? -Wendy

On Tue, Dec 28, 2010 at 4:39 PM, Wendy Smoak <wsmoak@gmail.com> wrote:
> This bit of CONTINUUM-2599 caught my eye:
>
> "Current workaround to get Build Agent's installation is by directly
> using the Build Agent Web Service."
>
> I was under the impression that while the build agent would accept
> XML-RPC requests from anyone, it would only send responses back to the
> master defined in its config file. (See CONTINUUM-2044)
>
> Did something change and you are now able to connect directly to the
> agent and do things/get information without an authorization check?
> (There is no authentication/authorization on the build agent.
> (right?))
>
> In addition, a comment on 2044 reminded me that CONTINUUM-2545 added
> unsecured WebDAV access to the working copy.
>
> Any thoughts on whether build agents should be better secured, and if so how?
>
> * http://jira.codehaus.org/browse/CONTINUUM-2599
> * http://jira.codehaus.org/browse/CONTINUUM-2044
> * http://jira.codehaus.org/browse/CONTINUUM-2545
>
> --
> Wendy
>
