From dev-return-8922-apmail-continuum-dev-archive=continuum.apache.org@continuum.apache.org Tue Jan 11 00:16:29 2011 Return-Path: Delivered-To: apmail-continuum-dev-archive@www.apache.org Received: (qmail 74884 invoked from network); 11 Jan 2011 00:16:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 11 Jan 2011 00:16:29 -0000 Received: (qmail 44888 invoked by uid 500); 11 Jan 2011 00:16:28 -0000 Delivered-To: apmail-continuum-dev-archive@continuum.apache.org Received: (qmail 44829 invoked by uid 500); 11 Jan 2011 00:16:27 -0000 Mailing-List: contact dev-help@continuum.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@continuum.apache.org Delivered-To: mailing list dev@continuum.apache.org Received: (qmail 44821 invoked by uid 99); 11 Jan 2011 00:16:27 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Jan 2011 00:16:27 +0000 X-ASF-Spam-Status: No, hits=1.5 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of marica.tan@gmail.com designates 209.85.216.43 as permitted sender) Received: from [209.85.216.43] (HELO mail-qw0-f43.google.com) (209.85.216.43) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Jan 2011 00:16:22 +0000 Received: by qwk3 with SMTP id 3so22397731qwk.2 for ; Mon, 10 Jan 2011 16:16:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=s9D+7/64U26k1TE8oSEavMCCvogD033zvcbdM4NWy1k=; b=BaWaE8t5XuiujZ5/rIedV3aSlwtgwDd8elauTyXSN+V9j2KOey+DcPXDInsieCpSUC 4H0c9G17fwp4YRFwZHdkQuBpkmi/KjobLCRwYc5Hh279lbf4apzlufDR7+8ZOrF70BNb sLuY6hLdw8kZBelrGRAB8Je8VwRnZG7Ee9cPk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=tZby3HeQlNI2OlGDnl4PudqizBgaegm3YIIN+7cTQ/bVVzM2tXU4kcOavY0+Bjk91e W5tkyLHR7FN2iWy+XoBmAfwofwAdolUd7IOUlX+mabMIKH67XlIWZzY6zqromzJ29l7H t60nL2x0xAl3aOxZkKOh0ky4qSM602qQjYPZQ= MIME-Version: 1.0 Received: by 10.229.100.20 with SMTP id w20mr25935536qcn.50.1294704961355; Mon, 10 Jan 2011 16:16:01 -0800 (PST) Received: by 10.229.91.207 with HTTP; Mon, 10 Jan 2011 16:16:01 -0800 (PST) In-Reply-To: References: Date: Tue, 11 Jan 2011 08:16:01 +0800 Message-ID: Subject: Re: Build agent security From: Marica Tan To: dev@continuum.apache.org Content-Type: multipart/alternative; boundary=0016364ed5de4fa7ca049986fd57 --0016364ed5de4fa7ca049986fd57 Content-Type: text/plain; charset=ISO-8859-1 Hi Wendy, I think the shared key is the only way I can think of for now since it's not possible to do user authorization/authentication in the agent. -- Marica On Mon, Jan 10, 2011 at 9:59 AM, Wendy Smoak wrote: > Any thoughts on this? -Wendy > > On Tue, Dec 28, 2010 at 4:39 PM, Wendy Smoak wrote: > > This bit of CONTINUUM-2599 caught my eye: > > > > "Current workaround to get Build Agent's installation is by directly > > using the Build Agent Web Service." > > > > I was under the impression that while the build agent would accept > > XML-RPC requests from anyone, it would only send responses back to the > > master defined in its config file. (See CONTINUUM-2044) > > > > Did something change and you are now able to connect directly to the > > agent and do things/get information without an authorization check? > > (There is no authentication/authorization on the build agent. > > (right?)) > > > > In addition, a comment on 2044 reminded me that CONTINUUM-2545 added > > unsecured webdav access to the working copy. > > > > Any thoughts on whether build agents should be better secured, and if so > how? > > > > * http://jira.codehaus.org/browse/CONTINUUM-2599 > > * http://jira.codehaus.org/browse/CONTINUUM-2044 > > * http://jira.codehaus.org/browse/CONTINUUM-2545 > > > > -- > > Wendy > > > --0016364ed5de4fa7ca049986fd57--