continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wendy Smoak <>
Subject Re: Securing working copies in build agent (CONTINUUM-2632)
Date Wed, 01 Jun 2011 11:18:21 GMT
On Tue, May 31, 2011 at 4:57 AM, Deng Ching <> wrote:
> Currently, there is no security implemented for accessing (read-only) the
> working copies in the build agent via webdav. For CONTINUUM-2632, I'm
> planning to use a similar mechanism as with Maven when downloading/getting
> artifacts from a secured repository:

This seems to imply that people would be accessing the build agent
individually?  I don't think the build agent needs to know about users
-- the access should all go through the master which can handle
security via the user database.

If you introduce an xml file on the build agent, how would it get
populated for a new build agent, or updated for an existing one?  It
also seems like that file would duplicate information already stored
in the user database (what user can see what group).

I think the build agent should only respond to requests from the
master.  It shouldn't be talking to anybody else.  As long as it has
some way to verify that the request is indeed coming from the master,
I think that's enough to keep the working copies reasonably secure.


View raw message