On 01/07/2013 04:17 AM, Glyn Normington wrote:
Although I can see that some projects might want to use Hudson in this
way, I wonder if any non-committers look at Hudson job status to get a
feel for the stability of a project and would really miss being able
to access that? In that case, if the risk of exposing the ssh port to
the world is that someone will run a password cracking tool against
it, would it be possible to allow HTTP traffic to Hudson but restrict
the SSH access to requiring a committer's private key to authenticate?
Glyn,
I'm not sure I follow your train of thought re: exposing the ssh port to
the world, since build/dev/git.eclipse.org's SSH port already is. My
fear is that, if committer passwords and/or private keys are stored on
anonymously-accessible web applications (such as hudson.eclipse.org)
that information could potentially be obtained by individuals with ill
intent. If the committer account in question has a full shell, that
could mean real trouble for us from a security perspective.
Denis
_______________________________________________
cross-project-issues-dev mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
