continuum-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maria Odea Ching (JIRA)" <>
Subject [jira] Commented: (CONTINUUM-2632) Secure working copies of Continuum build agents
Date Tue, 28 Jun 2011 08:37:42 GMT


Maria Odea Ching commented on CONTINUUM-2632:

Fix committed to trunk [-r1140480|].

With the committed implementation, it is no longer possible to browse the working copies in
the build agent directly. Only the build agent's master is allowed to access it. I made use
of the shared secret key/password to verify that the request came from the master. If the
password attached to the request matches the {{sharedSecretPassword}} configured in the build
agent, the request would be allowed. Otherwise, a 401 error will be returned.

> Secure working copies of Continuum build agents
> -----------------------------------------------
>                 Key: CONTINUUM-2632
>                 URL:
>             Project: Continuum
>          Issue Type: New Feature
>          Components: Distributed Builds, Security, XMLRPC Interface
>    Affects Versions: 1.4.0 (Beta)
>            Reporter: Maria Odea Ching
>            Assignee: Maria Odea Ching
>             Fix For: 1.4.1 (Beta)
> When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for displaying the
working copies) was implemented, there was no security implemented so anyone can access the
working copies via webdav.

This message is automatically generated by JIRA.
For more information on JIRA, see:


View raw message