Any thoughts on this? -Wendy
On Tue, Dec 28, 2010 at 4:39 PM, Wendy Smoak <[email protected]> wrote: > This bit of CONTINUUM-2599 caught my eye: > > "Current workaround to get Build Agent's installation is by directly > using the Build Agent Web Service." > > I was under the impression that while the build agent would accept > XML-RPC requests from anyone, it would only send responses back to the > master defined in its config file. (See CONTINUUM-2044) > > Did something change and you are now able to connect directly to the > agent and do things/get information without an authorization check? > (There is no authentication/authorization on the build agent. > (right?)) > > In addition, a comment on 2044 reminded me that CONTINUUM-2545 added > unsecured webdav access to the working copy. > > Any thoughts on whether build agents should be better secured, and if so how? > > * http://jira.codehaus.org/browse/CONTINUUM-2599 > * http://jira.codehaus.org/browse/CONTINUUM-2044 > * http://jira.codehaus.org/browse/CONTINUUM-2545 > > -- > Wendy >
