I think introducing a database on the agent adds too much complexity and should be avoided.
There is already an issue for stopping the build agent from accepting requests from "just anyone". I think it should only listen and talk to its master server, which can figure out who can see what. Can you think of any other options? -- Wendy On Tue, Jul 27, 2010 at 9:47 PM, Marica Tan <[email protected]> wrote: > Yes I agree. > > Since we don't have a database in an agent, we can't do role-based > authorization. > > I think we need to have that database so we can provide that security for > the webdav interface as well as with the xmlrpc. > > WDYT?
