Hi Wendy, I think the shared key is the only way I can think of for now since it's not possible to do user authorization/authentication in the agent.
-- Marica

On Mon, Jan 10, 2011 at 9:59 AM, Wendy Smoak <[email protected]> wrote:

> Any thoughts on this?
>
> -Wendy
>
> On Tue, Dec 28, 2010 at 4:39 PM, Wendy Smoak <[email protected]> wrote:
> > This bit of CONTINUUM-2599 caught my eye:
> >
> > "Current workaround to get Build Agent's installation is by directly
> > using the Build Agent Web Service."
> >
> > I was under the impression that while the build agent would accept
> > XML-RPC requests from anyone, it would only send responses back to the
> > master defined in its config file. (See CONTINUUM-2044)
> >
> > Did something change and you are now able to connect directly to the
> > agent and do things/get information without an authorization check?
> > (There is no authentication/authorization on the build agent.
> > (right?))
> >
> > In addition, a comment on 2044 reminded me that CONTINUUM-2545 added
> > unsecured webdav access to the working copy.
> >
> > Any thoughts on whether build agents should be better secured, and if so
> > how?
> >
> > * http://jira.codehaus.org/browse/CONTINUUM-2599
> > * http://jira.codehaus.org/browse/CONTINUUM-2044
> > * http://jira.codehaus.org/browse/CONTINUUM-2545
> >
> > --
> > Wendy
