On Fri, Aug 6, 2010 at 9:24 AM, Brett Porter <[email protected]> wrote: > Someone mentioned that this might be used for security before. That seems > overly restrictive - but you might want to consider adding an optional > shared-secret password that is passed through the build context and compared > to the agent configuration too. Though I think the best advice at the moment > is to document "don't make agents public" :)
Currently the build agent will accept commands from anyone, but only reply to the url configured in continuum.xml. This change means that an agent will accept commands from, and reply to, anyone. This is on top of the recent webdav addition that exposes all of the working copies on the agent. I gather this is going on trunk, so no objections to the change, but the security issue is something I'd want to see addressed before we call it GA. Just putting it on a private network doesn't solve the problem for me in an environment where users have security roles that allow them to see only certain projects. CI servers as a class aren't terribly secure to begin with -- they allow developers to execute arbitrary code during the build, but at least the dev has to check something into svn where someone might see it. Opening it up so that anyone on the network can get to it is a problem IMO. -- Wendy
