continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marica Tan <marica....@gmail.com>
Subject Re: Build agent security
Date Tue, 11 Jan 2011 00:16:01 GMT
Hi Wendy,

I think the shared key is the only way I can think of for now since it's not
possible to do user authorization/authentication in the agent.

--
Marica

On Mon, Jan 10, 2011 at 9:59 AM, Wendy Smoak <wsmoak@gmail.com> wrote:

> Any thoughts on this? -Wendy
>
> On Tue, Dec 28, 2010 at 4:39 PM, Wendy Smoak <wsmoak@gmail.com> wrote:
> > This bit of CONTINUUM-2599 caught my eye:
> >
> > "Current workaround to get Build Agent's installation is by directly
> > using the Build Agent Web Service."
> >
> > I was under the impression that while the build agent would accept
> > XML-RPC requests from anyone, it would only send responses back to the
> > master defined in its config file. (See CONTINUUM-2044)
> >
> > Did something change and you are now able to connect directly to the
> > agent and do things/get information without an authorization check?
> > (There is no authentication/authorization on the build agent.
> > (right?))
> >
> > In addition, a comment on 2044 reminded me that CONTINUUM-2545 added
> > unsecured webdav access to the working copy.
> >
> > Any thoughts on whether build agents should be better secured, and if so
> how?
> >
> > * http://jira.codehaus.org/browse/CONTINUUM-2599
> > * http://jira.codehaus.org/browse/CONTINUUM-2044
> > * http://jira.codehaus.org/browse/CONTINUUM-2545
> >
> > --
> > Wendy
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message