On Mon, Oct 1, 2012 at 10:27 PM, zperry <zack.pe...@sbcglobal.net> wrote:
>
> Reviewed the above, and saw this " When your Jenkins is secured, you can use
> HTTP BASIC authentication to authenticate remote API requests. See
> Authenticating scripted clients for more details."
>
> IMHO this is a piece of "ill-advice". With our POC setup, and many other
> nodes running HTTP services, we simply use ssh forwarding for access using
> the localhost of the machine we are on. That is, most of our HTTP services
> are configured to offer HTTP services to their respective localhost only.
> This should be a common practice everywhere IMHO.
I don't really see how that practice relates to a web service intended
for both remote and local use from multiple users. The remote api does
the same things as the regular http interface. It could work, of
course, but it's not what people expect from a network service. If
you are going to only run commands locally from the jenkins master you
might as well use the cli or groovy instead of the remote api.
--
Les Mikesell
lesmikes...@gmail.com
